diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/management_group_level_parameters.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/management_group_level_parameters.json index 33b98837d86..25f94d35b28 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/management_group_level_parameters.json +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/management_group_level_parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "nestedsubId": { - "value": "a1bfa635-f2bf-42f1-86b5-848c674fc321az" + "value": "0b1f6471-1bf0-4dda-aec3-cb9272f09590" } } } \ No newline at end of file diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_group_deployment.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_group_deployment.yaml index 2e6e1c31fee..7bbd66581db 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_group_deployment.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_group_deployment.yaml @@ -13,15 +13,15 @@ interactions: ParameterSetName: - -g -n --subnet-name User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001","name":"cli_test_deployment000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-02-10T12:56:04Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001","name":"cli_test_deployment000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-03-22T06:31:41Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -30,7 +30,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:05 GMT + - Mon, 22 Mar 2021 06:31:45 GMT expires: - '-1' pragma: @@ -64,21 +64,21 @@ interactions: ParameterSetName: - -g -n --subnet-name User-Agent: - - AZURECLI/2.19.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.7.3 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.21.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0) method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1?api-version=2020-11-01 response: body: string: "{\r\n \"name\": \"vnet1\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1\",\r\n - \ \"etag\": \"W/\\\"3c42a87f-fdc8-4804-94d2-e279e6edcacf\\\"\",\r\n \"type\": + \ \"etag\": \"W/\\\"ed5056b9-ae45-44ba-a7df-0fec39fff49d\\\"\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n \ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n - \ \"resourceGuid\": \"605f607d-6f87-469a-b305-e60e52b0a7e5\",\r\n \"addressSpace\": + \ \"resourceGuid\": \"d8fbdbbd-b605-42be-bc44-c740710d04b5\",\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n \ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n \ \"subnets\": [\r\n {\r\n \"name\": \"subnet1\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\",\r\n - \ \"etag\": \"W/\\\"3c42a87f-fdc8-4804-94d2-e279e6edcacf\\\"\",\r\n + \ \"etag\": \"W/\\\"ed5056b9-ae45-44ba-a7df-0fec39fff49d\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n \ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\": [],\r\n \"privateEndpointNetworkPolicies\": \"Enabled\",\r\n \"privateLinkServiceNetworkPolicies\": @@ -89,7 +89,7 @@ interactions: azure-asyncnotification: - Enabled azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/bf25c39d-b097-490b-8774-5b807231ae72?api-version=2020-11-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/4fb28d8d-3890-4737-a1af-79baf86e9d83?api-version=2020-11-01 cache-control: - no-cache content-length: @@ -97,7 +97,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:10 GMT + - Mon, 22 Mar 2021 06:31:51 GMT expires: - '-1' pragma: @@ -110,9 +110,9 @@ interactions: x-content-type-options: - nosniff x-ms-arm-service-request-id: - - 9bbd8919-83a6-4dbc-a6b1-82026413bbef + - cdd9ce0d-921f-4eb4-9583-93effb485bc6 x-ms-ratelimit-remaining-subscription-writes: - - '1187' + - '1198' status: code: 201 message: Created @@ -130,9 +130,9 @@ interactions: ParameterSetName: - -g -n --subnet-name User-Agent: - - AZURECLI/2.19.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.7.3 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.21.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/bf25c39d-b097-490b-8774-5b807231ae72?api-version=2020-11-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/4fb28d8d-3890-4737-a1af-79baf86e9d83?api-version=2020-11-01 response: body: string: "{\r\n \"status\": \"Succeeded\"\r\n}" @@ -144,7 +144,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:13 GMT + - Mon, 22 Mar 2021 06:31:54 GMT expires: - '-1' pragma: @@ -161,7 +161,7 @@ interactions: x-content-type-options: - nosniff x-ms-arm-service-request-id: - - b5697039-b12e-4f74-8096-3b499450dbf7 + - bf1c9c1b-d724-494b-bfa0-6c422c451af8 status: code: 200 message: OK @@ -179,21 +179,21 @@ interactions: ParameterSetName: - -g -n --subnet-name User-Agent: - - AZURECLI/2.19.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.7.3 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.21.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1?api-version=2020-11-01 response: body: string: "{\r\n \"name\": \"vnet1\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1\",\r\n - \ \"etag\": \"W/\\\"a576f0ea-8936-49a9-9710-4db1f3421dcb\\\"\",\r\n \"type\": + \ \"etag\": \"W/\\\"1095bc43-fa36-43f6-bd3e-4828a6e0760d\\\"\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n \ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n - \ \"resourceGuid\": \"605f607d-6f87-469a-b305-e60e52b0a7e5\",\r\n \"addressSpace\": + \ \"resourceGuid\": \"d8fbdbbd-b605-42be-bc44-c740710d04b5\",\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n \ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n \ \"subnets\": [\r\n {\r\n \"name\": \"subnet1\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\",\r\n - \ \"etag\": \"W/\\\"a576f0ea-8936-49a9-9710-4db1f3421dcb\\\"\",\r\n + \ \"etag\": \"W/\\\"1095bc43-fa36-43f6-bd3e-4828a6e0760d\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\": [],\r\n \"privateEndpointNetworkPolicies\": \"Enabled\",\r\n \"privateLinkServiceNetworkPolicies\": @@ -208,9 +208,9 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:13 GMT + - Mon, 22 Mar 2021 06:31:55 GMT etag: - - W/"a576f0ea-8936-49a9-9710-4db1f3421dcb" + - W/"1095bc43-fa36-43f6-bd3e-4828a6e0760d" expires: - '-1' pragma: @@ -227,7 +227,7 @@ interactions: x-content-type-options: - nosniff x-ms-arm-service-request-id: - - 11e7aab3-0deb-4d13-8945-a61e026f3b7c + - 9ff476f6-93e0-47e3-aa7e-ddc35a8a5634 status: code: 200 message: OK @@ -237,21 +237,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -262,21 +263,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/deployment_dry_run","name":"deployment_dry_run","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:15.4223809Z","duration":"PT0S","correlationId":"959509f2-a795-43f8-8192-bc0904d17a33","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/deployment_dry_run","name":"deployment_dry_run","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:31:56.7965833Z","duration":"PT0S","correlationId":"acfb92fd-620e-45a7-950a-4b16b08ff88c","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache @@ -285,7 +286,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:15 GMT + - Mon, 22 Mar 2021 06:31:56 GMT expires: - '-1' pragma: @@ -299,7 +300,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1197' status: code: 200 message: OK @@ -311,7 +312,7 @@ interactions: Host: - raw.githubusercontent.com User-Agent: - - Python-urllib/3.7 + - Python-urllib/3.8 method: GET uri: https://raw.githubusercontent.com/Azure/azure-cli/dev/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test-params.json response: @@ -338,17 +339,17 @@ interactions: content-type: - text/plain; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:16 GMT + - Mon, 22 Mar 2021 06:31:57 GMT etag: - '"1c23f331a1fb7e4cfba7c70e002f81f4096234811e9470479a537be84a009123"' expires: - - Wed, 10 Feb 2021 13:01:16 GMT + - Mon, 22 Mar 2021 06:36:57 GMT source-age: - '0' strict-transport-security: - max-age=31536000 vary: - - Authorization,Accept-Encoding, Accept-Encoding + - Authorization,Accept-Encoding via: - 1.1 varnish x-cache: @@ -358,15 +359,15 @@ interactions: x-content-type-options: - nosniff x-fastly-request-id: - - 9397354f86a0121f29b055aa62721daf367c0924 + - 683b0f6082f00cad3cb886243130d13776f2c546 x-frame-options: - deny x-github-request-id: - - 688A:27D3:828F3:8C2BE:6023D7EF + - F398:102D:69E495:8AA805:605839DD x-served-by: - - cache-sin18050-SIN + - cache-sin18041-SIN x-timer: - - S1612961776.011401,VS0,VE284 + - S1616394717.480783,VS0,VE336 x-xss-protection: - 1; mode=block status: @@ -378,21 +379,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -403,21 +405,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/deployment_dry_run","name":"deployment_dry_run","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:17.8515174Z","duration":"PT0S","correlationId":"b3aae547-9828-4139-820e-377f25f3cedb","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/deployment_dry_run","name":"deployment_dry_run","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:31:59.3101282Z","duration":"PT0S","correlationId":"4a85691a-e6c0-4fb3-880e-45e7590ae717","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache @@ -426,7 +428,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:18 GMT + - Mon, 22 Mar 2021 06:31:58 GMT expires: - '-1' pragma: @@ -450,21 +452,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -475,21 +478,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g -n --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:19.7539154Z","duration":"PT0S","correlationId":"6403e8aa-ebfc-403d-91fb-98ccf77a6b17","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:02.0116749Z","duration":"PT0S","correlationId":"8a6fb75d-ee9b-47a6-bbff-12706bc8381d","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache @@ -498,7 +501,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:19 GMT + - Mon, 22 Mar 2021 06:32:02 GMT expires: - '-1' pragma: @@ -522,21 +525,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -547,32 +551,32 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g -n --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-02-10T12:56:23.5089124Z","duration":"PT2.1456826S","correlationId":"9b2dfc8d-ede6-424d-a161-4c230aea7ed4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:32:05.8869223Z","duration":"PT2.2207S","correlationId":"8ada4abd-f065-4453-aa4f-692069547804","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operationStatuses/08585886451041143868?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operationStatuses/08585852121618114049?api-version=2020-10-01 cache-control: - no-cache content-length: - - '1212' + - '1209' content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:23 GMT + - Mon, 22 Mar 2021 06:32:06 GMT expires: - '-1' pragma: @@ -582,7 +586,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1191' + - '1199' status: code: 201 message: Created @@ -600,10 +604,10 @@ interactions: ParameterSetName: - -g -n --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585886451041143868?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852121618114049?api-version=2020-10-01 response: body: string: '{"status":"Succeeded"}' @@ -615,7 +619,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:54 GMT + - Mon, 22 Mar 2021 06:32:37 GMT expires: - '-1' pragma: @@ -643,13 +647,13 @@ interactions: ParameterSetName: - -g -n --template-file --parameters --parameters --parameters User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.9573603Z","duration":"PT14.5941305S","correlationId":"9b2dfc8d-ede6-424d-a161-4c230aea7ed4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.2533178Z","duration":"PT10.5870955S","correlationId":"8ada4abd-f065-4453-aa4f-692069547804","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache @@ -658,7 +662,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:54 GMT + - Mon, 22 Mar 2021 06:32:38 GMT expires: - '-1' pragma: @@ -686,19 +690,19 @@ interactions: ParameterSetName: - -g -n User-Agent: - - AZURECLI/2.19.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.7.3 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.21.0 azsdk-python-azure-mgmt-network/18.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb?api-version=2020-11-01 response: body: string: "{\r\n \"name\": \"test-lb\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb\",\r\n - \ \"etag\": \"W/\\\"053020fa-c1bc-4fa2-a9bc-533b0a9ac959\\\"\",\r\n \"type\": + \ \"etag\": \"W/\\\"a29f5c87-7cce-49d9-ac66-a4f685d2eac3\\\"\",\r\n \"type\": \"Microsoft.Network/loadBalancers\",\r\n \"location\": \"westus\",\r\n \"tags\": {\r\n \"key\": \"super=value\"\r\n },\r\n \"properties\": {\r\n \"provisioningState\": - \"Succeeded\",\r\n \"resourceGuid\": \"dab9cf2f-6cf9-444d-823e-9578770076c9\",\r\n + \"Succeeded\",\r\n \"resourceGuid\": \"61988c63-8311-40d8-9dde-3765bfa7d926\",\r\n \ \"frontendIPConfigurations\": [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \ \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb/frontendIPConfigurations/LoadBalancerFrontEnd\",\r\n - \ \"etag\": \"W/\\\"053020fa-c1bc-4fa2-a9bc-533b0a9ac959\\\"\",\r\n + \ \"etag\": \"W/\\\"a29f5c87-7cce-49d9-ac66-a4f685d2eac3\\\"\",\r\n \ \"type\": \"Microsoft.Network/loadBalancers/frontendIPConfigurations\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \ \"privateIPAddress\": \"10.0.0.4\",\r\n \"privateIPAllocationMethod\": @@ -706,11 +710,11 @@ interactions: \ },\r\n \"privateIPAddressVersion\": \"IPv4\"\r\n }\r\n \ }\r\n ],\r\n \"backendAddressPools\": [\r\n {\r\n \"name\": \"bepool1\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb/backendAddressPools/bepool1\",\r\n - \ \"etag\": \"W/\\\"053020fa-c1bc-4fa2-a9bc-533b0a9ac959\\\"\",\r\n + \ \"etag\": \"W/\\\"a29f5c87-7cce-49d9-ac66-a4f685d2eac3\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Succeeded\"\r\n \ },\r\n \"type\": \"Microsoft.Network/loadBalancers/backendAddressPools\"\r\n \ },\r\n {\r\n \"name\": \"bepool2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb/backendAddressPools/bepool2\",\r\n - \ \"etag\": \"W/\\\"053020fa-c1bc-4fa2-a9bc-533b0a9ac959\\\"\",\r\n + \ \"etag\": \"W/\\\"a29f5c87-7cce-49d9-ac66-a4f685d2eac3\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Succeeded\"\r\n \ },\r\n \"type\": \"Microsoft.Network/loadBalancers/backendAddressPools\"\r\n \ }\r\n ],\r\n \"loadBalancingRules\": [],\r\n \"probes\": [],\r\n @@ -724,9 +728,9 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:56 GMT + - Mon, 22 Mar 2021 06:32:39 GMT etag: - - W/"053020fa-c1bc-4fa2-a9bc-533b0a9ac959" + - W/"a29f5c87-7cce-49d9-ac66-a4f685d2eac3" expires: - '-1' pragma: @@ -743,7 +747,7 @@ interactions: x-content-type-options: - nosniff x-ms-arm-service-request-id: - - 14ac8983-c347-488c-9fa3-65042de37cb6 + - 7383c7c5-2b79-44a0-8fa3-6757f95e47d5 status: code: 200 message: OK @@ -761,15 +765,15 @@ interactions: ParameterSetName: - -g User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.9573603Z","duration":"PT14.5941305S","correlationId":"9b2dfc8d-ede6-424d-a161-4c230aea7ed4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.2533178Z","duration":"PT10.5870955S","correlationId":"8ada4abd-f065-4453-aa4f-692069547804","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}]}' headers: cache-control: - no-cache @@ -778,7 +782,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:56 GMT + - Mon, 22 Mar 2021 06:32:40 GMT expires: - '-1' pragma: @@ -806,15 +810,15 @@ interactions: ParameterSetName: - -g --filter User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/?$filter=provisioningState%20eq%20%27Succeeded%27&api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.9573603Z","duration":"PT14.5941305S","correlationId":"9b2dfc8d-ede6-424d-a161-4c230aea7ed4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.2533178Z","duration":"PT10.5870955S","correlationId":"8ada4abd-f065-4453-aa4f-692069547804","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}]}' headers: cache-control: - no-cache @@ -823,7 +827,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:57 GMT + - Mon, 22 Mar 2021 06:32:41 GMT expires: - '-1' pragma: @@ -851,15 +855,15 @@ interactions: ParameterSetName: - -g -n User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.9573603Z","duration":"PT14.5941305S","correlationId":"9b2dfc8d-ede6-424d-a161-4c230aea7ed4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment","name":"azure-cli-deployment","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.2533178Z","duration":"PT10.5870955S","correlationId":"8ada4abd-f065-4453-aa4f-692069547804","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache @@ -868,7 +872,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:57 GMT + - Mon, 22 Mar 2021 06:32:42 GMT expires: - '-1' pragma: @@ -896,15 +900,15 @@ interactions: ParameterSetName: - -g -n User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/deployments/mock-deployment/operations?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operations/C30311279497E89B","operationId":"C30311279497E89B","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.0275913Z","duration":"PT9.8738267S","trackingId":"b7629be2-47e9-4d85-b8bc-7f7cd187c6f5","serviceRequestId":"135d6cbb-fcc3-4e8d-a866-70c04c5d320d","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb","resourceType":"Microsoft.Network/loadBalancers","resourceName":"test-lb"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operations/08585886451041143868","operationId":"08585886451041143868","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-02-10T12:56:35.728032Z","duration":"PT10.5742674S","trackingId":"6fa685d1-8b1c-4ec0-8a85-16c269d63a24","statusCode":"OK"}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operations/FDA7016562A76296","operationId":"FDA7016562A76296","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.1575923Z","duration":"PT6.6147212S","trackingId":"9b8d6085-1cc9-4d5f-b971-00df4ad492e6","serviceRequestId":"71b8a8b9-68ff-4007-ac53-5b8df1e326e9","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb","resourceType":"Microsoft.Network/loadBalancers","resourceName":"test-lb"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-deployment/operations/08585852121618114049","operationId":"08585852121618114049","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:14.2284516Z","duration":"PT6.6855805S","trackingId":"b9afb806-edd3-46f2-b10b-13e1dae79f24","statusCode":"OK"}}]}' headers: cache-control: - no-cache @@ -913,7 +917,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:56:59 GMT + - Mon, 22 Mar 2021 06:32:44 GMT expires: - '-1' pragma: @@ -933,21 +937,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -958,30 +963,30 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g -n --template-file --parameters --parameters --parameters --no-wait User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-10T12:57:00.3480051Z","duration":"PT0S","correlationId":"8e41996a-a78b-412e-b506-6cec5e809506","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:32:47.026869Z","duration":"PT0S","correlationId":"fa78d550-e3f1-43e6-b698-684955e0aae6","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/loadBalancers/test-lb"}]}}' headers: cache-control: - no-cache content-length: - - '1510' + - '1509' content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:57:00 GMT + - Mon, 22 Mar 2021 06:32:47 GMT expires: - '-1' pragma: @@ -995,7 +1000,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1198' + - '1199' status: code: 200 message: OK @@ -1005,21 +1010,22 @@ interactions: \"Dynamic\"}, \"tags\": {\"value\": {\"key\": \"super=value\"}}, \"subnetId\": {\"value\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1\"}, \"backendAddressPools\": {\"value\": [{\"name\": \"bepool1\"}, {\"name\": \"bepool2\"}]}}, - \"mode\": \"Incremental\", template:{\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n - \ \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"name\": {\n \"type\": - \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n - \ \"subnetId\": {\n \"type\": \"string\"\n },\n \"privateIPAllocationMethod\": - {\n \"type\": \"string\"\n },\n \"backendAddressPools\": {\n \"type\": - \"array\"\n },\n \"tags\": {\n \"type\": \"object\"\n }\n },\n - \ \"resources\": [\n {\n \"apiVersion\": \"2016-03-30\",\n \"dependsOn\": - [ ],\n \"location\": \"[parameters('location')]\",\n \"name\": \"[parameters('name')]\",\n - \ \"properties\": {\n \"frontendIPConfigurations\": [\n {\n - \ \"name\": \"LoadBalancerFrontEnd\",\n \"properties\": - {\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\n - \ \"subnet\": {\n \"id\": \"[parameters('subnetId')]\"\n - \ }\n }\n }\n ],\n \"backendAddressPools\": - \"[parameters('backendAddressPools')]\"\n },\n \"tags\": \"[parameters('tags')]\",\n - \ \"type\": \"Microsoft.Network/loadBalancers\"\n }\n ] // comment\n}}}" + \"mode\": \"Incremental\", template:{\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n + \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n + \ \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": + \"string\"\r\n },\r\n \"subnetId\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"privateIPAllocationMethod\": {\r\n \"type\": \"string\"\r\n + \ },\r\n \"backendAddressPools\": {\r\n \"type\": \"array\"\r\n },\r\n + \ \"tags\": {\r\n \"type\": \"object\"\r\n }\r\n },\r\n \"resources\": + [\r\n {\r\n \"apiVersion\": \"2016-03-30\",\r\n \"dependsOn\": + [ ],\r\n \"location\": \"[parameters('location')]\",\r\n \"name\": + \"[parameters('name')]\",\r\n \"properties\": {\r\n \"frontendIPConfigurations\": + [\r\n {\r\n \"name\": \"LoadBalancerFrontEnd\",\r\n \"properties\": + {\r\n \"privateIPAllocationMethod\": \"[parameters('privateIPAllocationMethod')]\",\r\n + \ \"subnet\": {\r\n \"id\": \"[parameters('subnetId')]\"\r\n + \ }\r\n }\r\n }\r\n ],\r\n \"backendAddressPools\": + \"[parameters('backendAddressPools')]\"\r\n },\r\n \"tags\": \"[parameters('tags')]\",\r\n + \ \"type\": \"Microsoft.Network/loadBalancers\"\r\n }\r\n ] // comment\r\n}}}" headers: Accept: - application/json @@ -1030,24 +1036,24 @@ interactions: Connection: - keep-alive Content-Length: - - '1704' + - '1751' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -g -n --template-file --parameters --parameters --parameters --no-wait User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-02-10T12:57:02.4340869Z","duration":"PT0.9874336S","correlationId":"dc033a4d-0bb2-45dd-a803-2589b19f99d7","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:32:51.1217534Z","duration":"PT2.0116875S","correlationId":"4f5d4361-f8bf-475c-8f8e-3f78e55e1389","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002/operationStatuses/08585886450640309606?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002/operationStatuses/08585852121163675536?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -1055,7 +1061,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:57:02 GMT + - Mon, 22 Mar 2021 06:32:52 GMT expires: - '-1' pragma: @@ -1065,7 +1071,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1190' + - '1198' status: code: 201 message: Created @@ -1085,8 +1091,8 @@ interactions: ParameterSetName: - -n -g User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1098,7 +1104,7 @@ interactions: cache-control: - no-cache date: - - Wed, 10 Feb 2021 12:57:03 GMT + - Mon, 22 Mar 2021 06:32:54 GMT expires: - '-1' pragma: @@ -1108,7 +1114,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1197' + - '1199' status: code: 204 message: No Content @@ -1126,24 +1132,24 @@ interactions: ParameterSetName: - -n -g User-Agent: - - python/3.7.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.19.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-10T12:57:04.0758348Z","duration":"PT2.6291815S","correlationId":"dc033a4d-0bb2-45dd-a803-2589b19f99d7","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment2000002","name":"azure-cli-resource-group-deployment2000002","type":"Microsoft.Resources/deployments","properties":{"templateHash":"16281834986780566039","parameters":{"name":{"type":"String","value":"test-lb"},"location":{"type":"String","value":"westus"},"subnetId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment000001/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"},"privateIPAllocationMethod":{"type":"String","value":"Dynamic"},"backendAddressPools":{"type":"Array","value":[{"name":"bepool1"},{"name":"bepool2"}]},"tags":{"type":"Object","value":{"key":"super=value"}}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T06:32:55.2045179Z","duration":"PT6.094452S","correlationId":"4f5d4361-f8bf-475c-8f8e-3f78e55e1389","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"loadBalancers","locations":["westus"]}]}],"dependencies":[]}}' headers: cache-control: - no-cache content-length: - - '1292' + - '1291' content-type: - application/json; charset=utf-8 date: - - Wed, 10 Feb 2021 12:57:04 GMT + - Mon, 22 Mar 2021 06:32:55 GMT expires: - '-1' pragma: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_deployment.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_deployment.yaml index 4e700537cba..f020ff651bb 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_deployment.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_deployment.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:20:59 GMT + - Mon, 22 Mar 2021 08:33:55 GMT expires: - '-1' pragma: @@ -64,8 +64,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:09 GMT + - Mon, 22 Mar 2021 08:34:05 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:11 GMT + - Mon, 22 Mar 2021 08:34:08 GMT expires: - '-1' location: @@ -141,11 +141,11 @@ interactions: pragma: - no-cache request-id: - - 9592fca4-36de-4965-90ae-fa598f3a9b7e + - f073f8da-6c4e-4f96-abe6-8ae9bc5c53df strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: @@ -167,8 +167,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:21 GMT + - Mon, 22 Mar 2021 08:34:19 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 3e275990-acdc-4693-83a2-b7a527002107 + - 023037a0-42b3-4010-9c8d-885c87e9e307 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:32 GMT + - Mon, 22 Mar 2021 08:34:29 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - 340f574e-1f3f-4df8-8cf4-78ae4ad63c11 + - 771862d8-d4c8-4dce-8055-59f5b9430017 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,60 +261,13 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management000002","status":"Running"}' - headers: - cache-control: - - no-cache - content-length: - - '205' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 13 Nov 2020 05:21:43 GMT - expires: - - '-1' - location: - - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview - pragma: - - no-cache - request-id: - - 577d234b-49de-4895-b0bd-fafa38e8c7a9 - strict-transport-security: - - max-age=31536000; includeSubDomains - x-ba-restapi: - - 1.0.3.1589 - x-content-type-options: - - nosniff - status: - code: 202 - message: Accepted -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - account management-group create - Connection: - - keep-alive - ParameterSetName: - - --name - User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 - method: GET - uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview - response: - body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"azure-cli-management000002","details":{"version":1,"updatedTime":"2020-11-13T05:21:19.5455706Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"azure-cli-management000002","details":{"version":1,"updatedTime":"2021-03-22T08:34:19.7275639Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache @@ -323,13 +276,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:54 GMT + - Mon, 22 Mar 2021 08:34:42 GMT expires: - '-1' pragma: - no-cache request-id: - - 924da4e0-b3e4-4dfb-a4ee-1fc9b643d590 + - 114194a7-5da1-4e50-9179-85bdb32d22ce strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -337,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -410,24 +363,24 @@ interactions: - --management-group-id --location --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/management_group_level_template","name":"management_group_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:21:55.863746Z","duration":"PT0S","correlationId":"de31053c-1ae8-4549-bde3-22164ecec3d4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/management_group_level_template","name":"management_group_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:34:44.0547945Z","duration":"PT0S","correlationId":"cccb9cf5-feb5-4a7d-bd9a-c3d749ec2e71","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache content-length: - - '2595' + - '2596' content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:57 GMT + - Mon, 22 Mar 2021 08:34:45 GMT expires: - '-1' pragma: @@ -512,15 +465,15 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:21:58.5413161Z","duration":"PT0S","correlationId":"49d41be5-c84f-444e-bf37-883c11ab0a6b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:34:46.0581132Z","duration":"PT0S","correlationId":"ec1f6138-2954-48f4-9f8f-3df7eaabb083","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache @@ -529,7 +482,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:21:59 GMT + - Mon, 22 Mar 2021 08:34:47 GMT expires: - '-1' pragma: @@ -614,18 +567,18 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-11-13T05:22:04.1154766Z","duration":"PT3.3680764S","correlationId":"9d16a8c8-1b5f-4f0a-b0d4-fbd6a4e6b9f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T08:34:52.1301294Z","duration":"PT3.1949092S","correlationId":"f9d6e4e7-8a7d-4a93-85dc-50751334b6cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operationStatuses/08585963619647302349?api-version=2020-06-01 + - https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operationStatuses/08585852047965424071?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -633,7 +586,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:22:04 GMT + - Mon, 22 Mar 2021 08:34:52 GMT expires: - '-1' pragma: @@ -662,10 +615,10 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585963619647302349?api-version=2020-06-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852047965424071?api-version=2020-10-01 response: body: string: '{"status":"Running"}' @@ -677,7 +630,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:22:35 GMT + - Mon, 22 Mar 2021 08:35:24 GMT expires: - '-1' pragma: @@ -706,54 +659,10 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585963619647302349?api-version=2020-06-01 - response: - body: - string: '{"status":"Running"}' - headers: - cache-control: - - no-cache - content-length: - - '20' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 13 Nov 2020 05:23:05 GMT - expires: - - '-1' - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - deployment mg create - Connection: - - keep-alive - ParameterSetName: - - --management-group-id --location -n --template-file --parameters --parameters - --parameters --parameters - User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 - method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585963619647302349?api-version=2020-06-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852047965424071?api-version=2020-10-01 response: body: string: '{"status":"Succeeded"}' @@ -765,7 +674,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:36 GMT + - Mon, 22 Mar 2021 08:35:54 GMT expires: - '-1' pragma: @@ -794,22 +703,22 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:14.0992447Z","duration":"PT1M13.3518445S","correlationId":"9d16a8c8-1b5f-4f0a-b0d4-fbd6a4e6b9f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:50.7960281Z","duration":"PT1M1.8608079S","correlationId":"f9d6e4e7-8a7d-4a93-85dc-50751334b6cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache content-length: - - '2352' + - '2351' content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:36 GMT + - Mon, 22 Mar 2021 08:35:55 GMT expires: - '-1' pragma: @@ -837,24 +746,24 @@ interactions: ParameterSetName: - --management-group-id User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:14.0992447Z","duration":"PT1M13.3518445S","correlationId":"9d16a8c8-1b5f-4f0a-b0d4-fbd6a4e6b9f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:50.7960281Z","duration":"PT1M1.8608079S","correlationId":"f9d6e4e7-8a7d-4a93-85dc-50751334b6cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}]}' headers: cache-control: - no-cache content-length: - - '2364' + - '2363' content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:38 GMT + - Mon, 22 Mar 2021 08:35:56 GMT expires: - '-1' pragma: @@ -882,24 +791,24 @@ interactions: ParameterSetName: - --management-group-id --filter User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/?$filter=provisioningState%20eq%20%27Succeeded%27&api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:14.0992447Z","duration":"PT1M13.3518445S","correlationId":"9d16a8c8-1b5f-4f0a-b0d4-fbd6a4e6b9f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:50.7960281Z","duration":"PT1M1.8608079S","correlationId":"f9d6e4e7-8a7d-4a93-85dc-50751334b6cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}]}' headers: cache-control: - no-cache content-length: - - '2364' + - '2363' content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:39 GMT + - Mon, 22 Mar 2021 08:35:56 GMT expires: - '-1' pragma: @@ -927,24 +836,24 @@ interactions: ParameterSetName: - --management-group-id -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:14.0992447Z","duration":"PT1M13.3518445S","correlationId":"9d16a8c8-1b5f-4f0a-b0d4-fbd6a4e6b9f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001","name":"azure-cli-management-group-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:50.7960281Z","duration":"PT1M1.8608079S","correlationId":"f9d6e4e7-8a7d-4a93-85dc-50751334b6cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache content-length: - - '2352' + - '2351' content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:39 GMT + - Mon, 22 Mar 2021 08:35:57 GMT expires: - '-1' pragma: @@ -974,8 +883,8 @@ interactions: ParameterSetName: - --management-group-id -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -996,7 +905,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:41 GMT + - Mon, 22 Mar 2021 08:35:58 GMT expires: - '-1' pragma: @@ -1028,15 +937,15 @@ interactions: ParameterSetName: - --management-group-id -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/operations?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/AB0501E36D519C96","operationId":"AB0501E36D519C96","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:13.8870922Z","duration":"PT1M6.6252441S","trackingId":"57faca8f-6050-45bd-a934-56e389163ecb","serviceRequestId":"c6769021-b5ee-4ff3-bc39-c8fbb6a991de","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested","resourceType":"Microsoft.Resources/deployments","resourceName":"sdktest-subnested"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/C6521865CDD547BF","operationId":"C6521865CDD547BF","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-11-13T05:22:08.9999241Z","duration":"PT1.738076S","trackingId":"f1a4cf46-d58d-4b04-a566-4adae5a51e8f","serviceRequestId":"eastus:3437098e-ca2c-43b8-93e1-411a06d704aa","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/E3C6F557A217AC6B","operationId":"E3C6F557A217AC6B","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-11-13T05:22:08.264004Z","duration":"PT1.0021559S","trackingId":"f03d38d1-c7e3-43b9-8010-90541e8b1068","serviceRequestId":"eastus:e304412b-9ffd-40a9-b97e-dfa2b7cd3cb2","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/08585963619647302349","operationId":"08585963619647302349","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:14.0191692Z","duration":"PT0.0936306S","trackingId":"c52ce831-4766-498a-83a8-1b8d425c5a30","statusCode":"OK"}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/AB0501E36D519C96","operationId":"AB0501E36D519C96","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:49.4914357Z","duration":"PT55.8200173S","trackingId":"beba15e8-f177-4061-834b-1cbad6dfa5d0","serviceRequestId":"c818a51f-f7d6-4de3-bb32-5c365d2b5b3b","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested","resourceType":"Microsoft.Resources/deployments","resourceName":"sdktest-subnested"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/C943F35BA8F07EDD","operationId":"C943F35BA8F07EDD","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T08:34:54.7719603Z","duration":"PT1.1005419S","trackingId":"968e3e88-5bb2-4963-8710-32a50a7b3517","serviceRequestId":"westus:ce24d6af-0c10-4341-a64f-278e0a3a3d21","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/0711A65684354067","operationId":"0711A65684354067","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T08:34:54.604146Z","duration":"PT0.9327276S","trackingId":"47b30847-e41e-4052-b6e4-5500b85bb88a","serviceRequestId":"westus:22d4232b-ee54-444e-b94e-dcaf841068b7","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-management-group-deployment000001/operations/08585852047965424071","operationId":"08585852047965424071","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-03-22T08:35:50.5951536Z","duration":"PT0.6787137S","trackingId":"b58b137d-2c2a-4f3d-8f62-16a74ed39234","statusCode":"OK"}}]}' headers: cache-control: - no-cache @@ -1045,7 +954,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:41 GMT + - Mon, 22 Mar 2021 08:35:59 GMT expires: - '-1' pragma: @@ -1126,15 +1035,15 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters --no-wait User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:23:43.0392243Z","duration":"PT0S","correlationId":"1ea8c89b-a01b-4707-886f-b9be4cd4da68","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T08:36:00.9715409Z","duration":"PT0S","correlationId":"06ae4505-7465-4a63-902d-321f4b65dc39","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"validatedResources":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Resources/deployments/rg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache @@ -1143,7 +1052,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:44 GMT + - Mon, 22 Mar 2021 08:36:02 GMT expires: - '-1' pragma: @@ -1157,7 +1066,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 200 message: OK @@ -1228,18 +1137,18 @@ interactions: - --management-group-id --location -n --template-file --parameters --parameters --parameters --parameters --no-wait User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-11-13T05:23:48.9213647Z","duration":"PT3.3512147S","correlationId":"478cc3a4-3c4b-4be3-a6bf-07beb1aab0e2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T08:36:06.4759966Z","duration":"PT3.2141113S","correlationId":"1b3fb452-58c7-4882-bd69-ed5dd484f872","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004/operationStatuses/08585963618599074742?api-version=2020-06-01 + - https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004/operationStatuses/08585852047222157810?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -1247,7 +1156,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:49 GMT + - Mon, 22 Mar 2021 08:36:07 GMT expires: - '-1' pragma: @@ -1277,8 +1186,8 @@ interactions: ParameterSetName: - -n --management-group-id User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1290,7 +1199,7 @@ interactions: cache-control: - no-cache date: - - Fri, 13 Nov 2020 05:23:52 GMT + - Mon, 22 Mar 2021 08:36:08 GMT expires: - '-1' pragma: @@ -1318,15 +1227,15 @@ interactions: ParameterSetName: - -n --management-group-id --custom User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-13T05:23:51.4420094Z","duration":"PT5.8718594S","correlationId":"478cc3a4-3c4b-4be3-a6bf-07beb1aab0e2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T08:36:08.3624661Z","duration":"PT5.1005808S","correlationId":"1b3fb452-58c7-4882-bd69-ed5dd484f872","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' headers: cache-control: - no-cache @@ -1335,7 +1244,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:53 GMT + - Mon, 22 Mar 2021 08:36:10 GMT expires: - '-1' pragma: @@ -1363,15 +1272,15 @@ interactions: ParameterSetName: - -n --management-group-id User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-13T05:23:54.2754186Z","duration":"PT8.7052686S","correlationId":"478cc3a4-3c4b-4be3-a6bf-07beb1aab0e2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000004","name":"azure-cli-resource-group-deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6254393849767844371","parameters":{"targetMG":{"type":"String","value":"azure-cli-management000002"},"nestedsubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"azure-cli-sub-resource-group000003"},"storageAccountName":{"type":"String","value":"armbuilddemo000005"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T08:36:08.3624661Z","duration":"PT5.1005808S","correlationId":"1b3fb452-58c7-4882-bd69-ed5dd484f872","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus"]}]}],"dependencies":[{"dependsOn":[{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}]}}' headers: cache-control: - no-cache @@ -1380,7 +1289,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:53 GMT + - Mon, 22 Mar 2021 08:36:11 GMT expires: - '-1' pragma: @@ -1410,8 +1319,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1427,7 +1336,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:23:58 GMT + - Mon, 22 Mar 2021 08:36:14 GMT expires: - '-1' pragma: @@ -1459,8 +1368,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/10.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -1476,7 +1385,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:24:08 GMT + - Mon, 22 Mar 2021 08:36:24 GMT expires: - '-1' pragma: @@ -1508,8 +1417,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -1525,7 +1434,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:24:12 GMT + - Mon, 22 Mar 2021 08:36:26 GMT expires: - '-1' location: @@ -1533,11 +1442,11 @@ interactions: pragma: - no-cache request-id: - - 5ff0b30c-3e24-4d6c-8583-3e4da9e59ff3 + - 81ed83b4-71e2-4638-bc19-e4764da09210 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-deletes: @@ -1559,8 +1468,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.14.1 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: @@ -1574,13 +1483,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 13 Nov 2020 05:24:23 GMT + - Mon, 22 Mar 2021 08:36:37 GMT expires: - '-1' pragma: - no-cache request-id: - - 7c76710f-2282-406c-b834-ad6f81c0bc2e + - cc7693b8-f380-40b5-8716-e321f9317d63 strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -1588,7 +1497,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_level_what_if.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_level_what_if.yaml index a43886affb4..052b07febbf 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_level_what_if.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_management_group_level_what_if.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:12 GMT + - Mon, 22 Mar 2021 08:39:21 GMT expires: - '-1' pragma: @@ -46,7 +46,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' status: code: 200 message: OK @@ -64,8 +64,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:23 GMT + - Mon, 22 Mar 2021 08:39:31 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:23 GMT + - Mon, 22 Mar 2021 08:39:32 GMT expires: - '-1' location: @@ -141,11 +141,11 @@ interactions: pragma: - no-cache request-id: - - 5729127b-949c-495c-acd1-680301bd3e19 + - dd06dc0f-17e8-466c-8593-2948ff733318 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: @@ -167,8 +167,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:33 GMT + - Mon, 22 Mar 2021 08:39:44 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 619c2a24-2299-4ac2-9c5f-941339509209 + - dfda794a-f305-4287-ab8e-68fff533f71f strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:44 GMT + - Mon, 22 Mar 2021 08:39:54 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - 45fdea00-bee0-4dcf-bc0b-d49dfa4a3852 + - eec9c4a4-5d99-44ce-8cb2-5c1901eba187 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,13 +261,13 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management000002","status":"Succeeded","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"azure-cli-management000002","details":{"version":1,"updatedTime":"2020-12-16T22:27:32.7859734Z","updatedBy":"414d10da-615f-49a7-90a0-a7008fb31cd3","parent":{"id":"/providers/Microsoft.Management/managementGroups/72f988bf-86f1-41af-91ab-2d7cd011db47","name":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"72f988bf-86f1-41af-91ab-2d7cd011db47"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"azure-cli-management000002","details":{"version":1,"updatedTime":"2021-03-22T08:39:41.2983267Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache @@ -276,13 +276,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:27:55 GMT + - Mon, 22 Mar 2021 08:40:06 GMT expires: - '-1' pragma: - no-cache request-id: - - 5f23482f-560a-48e1-a61b-94e5e5dd3bdb + - c735c28d-2c47-4ebb-a088-2fe45ab2a9ec strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -290,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -298,7 +298,7 @@ interactions: message: OK - request: body: "{\"location\": \"WestUS\", \"properties\": {\"parameters\": {\"nestedsubId\": - {\"value\": \"a1bfa635-f2bf-42f1-86b5-848c674fc321\"}, \"targetMG\": {\"value\": + {\"value\": \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"}, \"targetMG\": {\"value\": \"azure-cli-management000002\"}, \"nestedRG\": {\"value\": \"azure-cli-sub-resource-group000003\"}, \"storageAccountName\": {\"value\": \"armbuilddemo000004\"}}, \"mode\": \"Incremental\", \"whatIfSettings\": {\"resultFormat\": \"FullResourcePayloads\"}, template:{\r\n @@ -364,8 +364,8 @@ interactions: - --management-group-id --location --template-file --no-pretty-print --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -379,11 +379,11 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:27:59 GMT + - Mon, 22 Mar 2021 08:40:08 GMT expires: - '-1' location: - - https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItQVpVUkU6MkRDTEk6MkRNQU5BR0VNRU5UUE9JWk5ON1RMRi1NQU5BR0VNRU5UOjVGR1JPVVA6NUZMRVZFTDo1RlRFTVBMQVRFLUZFOUExMUU4OjJEM0Q2RToyRDRCREQ6MkQ4RDJEOjJEOERBNUE4MTcwQkIzIiwiam9iTG9jYXRpb24iOiJXZXN0VVMifQ?api-version=2020-10-01 + - https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItQVpVUkU6MkRDTEk6MkRNQU5BR0VNRU5UQldHRkFIMlkyTS1NQU5BR0VNRU5UOjVGR1JPVVA6NUZMRVZFTDo1RlRFTVBMQVRFLUE2QUE3MjVGOjJEMEY2RDoyRDQ5MjQ6MkRCNzFBOjJEQ0VFQTJCNUEwREMyIiwiam9iTG9jYXRpb24iOiJXZXN0VVMifQ?api-version=2020-10-01 pragma: - no-cache strict-transport-security: @@ -391,7 +391,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 202 message: Accepted @@ -410,13 +410,13 @@ interactions: - --management-group-id --location --template-file --no-pretty-print --parameters --parameters --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItQVpVUkU6MkRDTEk6MkRNQU5BR0VNRU5UUE9JWk5ON1RMRi1NQU5BR0VNRU5UOjVGR1JPVVA6NUZMRVZFTDo1RlRFTVBMQVRFLUZFOUExMUU4OjJEM0Q2RToyRDRCREQ6MkQ4RDJEOjJEOERBNUE4MTcwQkIzIiwiam9iTG9jYXRpb24iOiJXZXN0VVMifQ?api-version=2020-10-01 + uri: https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItQVpVUkU6MkRDTEk6MkRNQU5BR0VNRU5UQldHRkFIMlkyTS1NQU5BR0VNRU5UOjVGR1JPVVA6NUZMRVZFTDo1RlRFTVBMQVRFLUE2QUE3MjVGOjJEMEY2RDoyRDQ5MjQ6MkRCNzFBOjJEQ0VFQTJCNUEwREMyIiwiam9iTG9jYXRpb24iOiJXZXN0VVMifQ?api-version=2020-10-01 response: body: - string: '{"status":"Succeeded","properties":{"correlationId":"fe9a11e8-3d6e-4bdd-8d2d-8da5a8170bb3","changes":[{"resourceId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","changeType":"Create","after":{"apiVersion":"2016-12-01","id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","name":"location-lock","properties":{"policyDefinitionId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","scope":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002"},"type":"Microsoft.Authorization/policyAssignments"}},{"resourceId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","changeType":"Create","after":{"apiVersion":"2016-12-01","id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","name":"policy2","properties":{"policyRule":{"if":{"equals":"northeurope","field":"location"},"then":{"effect":"deny"}},"policyType":"Custom"},"type":"Microsoft.Authorization/policyDefinitions"}},{"resourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003","changeType":"Create","after":{"apiVersion":"2018-05-01","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003","location":"East + string: '{"status":"Succeeded","properties":{"correlationId":"a6aa725f-0f6d-4924-b71a-ceea2b5a0dc2","changes":[{"resourceId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","changeType":"Create","after":{"apiVersion":"2016-12-01","id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyAssignments/location-lock","name":"location-lock","properties":{"policyDefinitionId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","scope":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002"},"type":"Microsoft.Authorization/policyAssignments"}},{"resourceId":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","changeType":"Create","after":{"apiVersion":"2016-12-01","id":"/providers/Microsoft.Management/managementGroups/azure-cli-management000002/providers/Microsoft.Authorization/policyDefinitions/policy2","name":"policy2","properties":{"policyRule":{"if":{"equals":"northeurope","field":"location"},"then":{"effect":"deny"}},"policyType":"Custom"},"type":"Microsoft.Authorization/policyDefinitions"}},{"resourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003","changeType":"Create","after":{"apiVersion":"2018-05-01","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003","location":"East US 2 EUAP","name":"azure-cli-sub-resource-group000003","type":"Microsoft.Resources/resourceGroups"}},{"resourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000004","changeType":"Create","after":{"apiVersion":"2015-06-15","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-group000003/providers/Microsoft.Storage/storageAccounts/armbuilddemo000004","location":"East US","name":"armbuilddemo000004","properties":{"accountType":"Standard_LRS","supportsHttpsTrafficOnly":true},"type":"Microsoft.Storage/storageAccounts"}}]}}' headers: @@ -427,7 +427,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:28:15 GMT + - Mon, 22 Mar 2021 08:40:25 GMT expires: - '-1' pragma: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml index 4324a7ddddc..1ddc5b9e307 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:01 GMT + - Mon, 22 Mar 2021 07:12:03 GMT expires: - '-1' pragma: @@ -46,7 +46,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1197' status: code: 200 message: OK @@ -64,8 +64,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:11 GMT + - Mon, 22 Mar 2021 07:12:13 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:11 GMT + - Mon, 22 Mar 2021 07:12:16 GMT expires: - '-1' location: @@ -141,11 +141,11 @@ interactions: pragma: - no-cache request-id: - - 42ae3fdf-f53f-4cc4-b57e-0e0e8a13265c + - e67e1fe5-1745-4112-8262-a1a4b6c6f5e5 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: @@ -167,8 +167,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:22 GMT + - Mon, 22 Mar 2021 07:12:27 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 6f55a840-a27e-47e9-a319-e734612e8dfe + - e4b1b4b0-b7d1-4608-9376-4d4e120e5604 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:33 GMT + - Mon, 22 Mar 2021 07:12:39 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - db8197ed-1f92-46f1-881c-de67790b3cc6 + - 8b71eac6-2d2f-45b4-a84b-d25d8418e836 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,29 +261,28 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2020-12-17T19:15:19.4765544Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","parent":{"id":"/providers/Microsoft.Management/managementGroups/01a4073e-87c8-47cd-aafc-1439b4b5ea2c","name":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"Tenant - Root Group"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2021-03-22T07:12:24.1045783Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache content-length: - - '623' + - '642' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:43 GMT + - Mon, 22 Mar 2021 07:12:49 GMT expires: - '-1' pragma: - no-cache request-id: - - 74f0443e-1c45-4e64-88b3-140000f10cbe + - 2008af66-538a-495b-b85c-040fb5af1364 strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -291,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -320,15 +319,15 @@ interactions: ParameterSetName: - -n --rules --params --display-name --description --mode --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -339,7 +338,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:45 GMT + - Mon, 22 Mar 2021 07:12:50 GMT expires: - '-1' pragma: @@ -367,15 +366,15 @@ interactions: ParameterSetName: - -n --description --display-name --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -386,7 +385,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:46 GMT + - Mon, 22 Mar 2021 07:12:51 GMT expires: - '-1' pragma: @@ -425,15 +424,15 @@ interactions: ParameterSetName: - -n --description --display-name --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:46.5602334Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:51.5141288Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -444,7 +443,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:46 GMT + - Mon, 22 Mar 2021 07:12:51 GMT expires: - '-1' pragma: @@ -472,15 +471,15 @@ interactions: ParameterSetName: - -n --description --display-name --metadata --params --rules --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:46.5602334Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:51.5141288Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -491,7 +490,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:46 GMT + - Mon, 22 Mar 2021 07:12:52 GMT expires: - '-1' pragma: @@ -529,15 +528,15 @@ interactions: ParameterSetName: - -n --description --display-name --metadata --params --rules --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:47.3012012Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:52.3927893Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: cache-control: @@ -547,7 +546,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:47 GMT + - Mon, 22 Mar 2021 07:12:52 GMT expires: - '-1' pragma: @@ -575,8 +574,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -599,11 +598,28 @@ interactions: Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Vulnerability + assessment should be enabled on your Synapse workspaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Discover, + track, and remediate potential vulnerabilities by configuring recurring SQL + vulnerability assessment scans on your Synapse workspaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0049a6b3-a662-4f3e-8635-39cf44ace45a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"Azure + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"SQL + Server Integration Services integration runtimes on Azure Data Factory should + be joined to a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security and isolation for your + SQL Server Integration Services integration runtimes on Azure Data Factory, + as well as subnets, access control policies, and other features to further + restrict access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.vnetProperties.vnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0088bc63-6dee-4a9c-9d29-91cfdc848952\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Batch accounts without a need for public IP addresses at the source or + destination. Learn more about private endpoints in Batch at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"009a0c92-f5b4-4776-9b66-4ed2b4775563\"},{\"properties\":{\"displayName\":\"Azure Backup should be enabled for Virtual Machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -670,7 +686,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03b78f5e-4877-4303-b0f4-eb6583f25768\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1361 - Incident Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Azure + Kubernetes Service Private Clusters should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + the private cluster feature for your Azure Kubernetes Service cluster to ensure + network traffic between your API server and your node pools remains on the + private network only. This is a common requirement in many regulatory and + industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"field\":\"Microsoft.ContainerService/managedClusters/apiServerAccessProfile.enablePrivateCluster\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"040732e8-d947-40b8-95d6-854c95024bf8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1594 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"},{\"properties\":{\"displayName\":\"Audit @@ -693,10 +715,11 @@ interactions: when deploying Azure Cosmos DB resources.\",\"strongType\":\"location\"}},\"policyEffect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/Locations[*]\",\"where\":{\"value\":\"[replace(toLower(first(field('Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName'))), ' ', '')]\",\"in\":\"[parameters('listOfAllowedLocations')]\"}},\"notEquals\":\"[length(field('Microsoft.DocumentDB/databaseAccounts/Locations[*]'))]\"}]},\"then\":{\"effect\":\"[parameters('policyEffect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0473574d-2d43-4217-aefe-941fcdf7e684\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0473574d-2d43-4217-aefe-941fcdf7e684\"},{\"properties\":{\"displayName\":\"SQL - Managed Instance TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency - and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + managed instances should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides you with increased + transparency and control over the TDE Protector, increased security with an + HSM-backed external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"048248b0-55cd-46da-b1ff-39efd52db260\"},{\"properties\":{\"displayName\":\"[Preview]: Network traffic data collection agent should be installed on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Security @@ -733,11 +756,11 @@ interactions: Managed Control 1572 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"},{\"properties\":{\"displayName\":\"Azure - API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + API for FHIR should use a customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer - of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API for FHIR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HealthcareApis/services\"},{\"field\":\"Microsoft.HealthcareApis/services/cosmosDbConfiguration.keyVaultKeyUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"051cba44-2429-45b9-9649-46cec11c7119\"},{\"properties\":{\"displayName\":\"Deploy Log Analytics agent for Linux VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy @@ -756,9 +779,14 @@ interactions: Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Azure Front Door Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Application Firewall (WAF) should be enabled for Azure Front Door Service + service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/frontdoors\"},{\"field\":\"Microsoft.Network/frontdoors/frontendEndpoints[*].webApplicationFirewallPolicyLink.id\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"055aa869-bc98-4af8-bafc-23f1ab6ffe2c\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity @@ -771,15 +799,15 @@ interactions: that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Data Lake Store should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -799,7 +827,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063b540e-4bdc-4e7a-a569-3a42ddf22098\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1688 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + access the private endpoint(s) for Storage Sync Service resource interfaces + from a registered server, you need to configure your DNS to resolve the correct + names to your private endpoint's private IP addresses. This policy creates + the requisite Azure Private DNS Zone and A records for the interfaces of your + Storage Sync Service private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"Private + DNS Zone Identifier\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"afs\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f\",\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-afs\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"06695360-db88-47f6-b976-7500d4297475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"068260be-a5e6-4b0a-a430-cd27071c226a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -817,7 +854,7 @@ interactions: network access should be disabled for Cognitive Services accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only - connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0725b4dd-7e76-479c-a735-68e7ee23d5ca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated @@ -829,16 +866,16 @@ interactions: app. Allow only required domains to interact with your Function app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed. The list of OS images will be updated over - time as support is updated.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled @@ -873,18 +910,18 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Search/searchServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08ba64b8-738f-4918-9686-730d2ed79c7d\"},{\"properties\":{\"displayName\":\"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential - attack surface\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security + attack surface\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There should be more than one owner assigned to your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate more than one subscription owner in order to have - administrator access redundancy.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + administrator access redundancy.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1159 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0925f098-7877-450b-8ba4-d1e55f2d8795\"},{\"properties\":{\"displayName\":\"Disk @@ -934,13 +971,13 @@ interactions: to Azure Database for MariaDB. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"[Preview]: - Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"Azure + Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements - and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft + and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a2ee16e-ab1f-414a-800b-d1608835862b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -951,7 +988,7 @@ interactions: implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"},{\"properties\":{\"displayName\":\"Audit resource location matches resource group location\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - that the resource location matches its resource group location\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"location\",\"notIn\":[\"[resourcegroup().location]\",\"global\"]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: + that the resource location matches its resource group location\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[resourcegroup().location]\"},{\"field\":\"location\",\"notEquals\":\"global\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -967,7 +1004,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\"}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your containers with greater flexibility using customer-managed keys. When + you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.vaultBaseUrl\",\"exists\":false},{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.keyName\",\"exists\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0aa61e00-0a01-4a3c-9945-e93cffedf0e6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0abbac52-57cf-450d-8408-1208d0dd9e90\"},{\"properties\":{\"displayName\":\"Microsoft @@ -975,25 +1020,24 @@ interactions: Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0afce0b3-dd9f-42bb-af28-1e4284ba8311\"},{\"properties\":{\"displayName\":\"Email - notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the subscription owner, in order to have them - receive security alert emails from Microsoft. This ensures that they are aware - of any potential security issues and can mitigate the risk in a timely fashion\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"not\":{\"allOf\":[{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"equals\":\"Off\"},{\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\"equals\":\"High\"}]}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b291ee8-3140-4cad-beb7-568c077c78ce\"},{\"properties\":{\"displayName\":\"Key - vault should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + vaults should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious deletion of a key vault can lead to permanent data loss. A malicious insider - in your organization may potentially be able to gain access to delete and - purge key vaults. Purge protection protects you from insider attacks by enforcing - a mandatory retention period for soft deleted key vaults. No one inside your - organization or Microsoft will be able to purge your key vaults during the - soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key + in your organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -1023,15 +1067,29 @@ interactions: certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Automation Accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Automation accounts without a need for public IP addresses at the source + or destination. Learn more about private endpoints in Azure Automation at + https://docs.microsoft.com/azure/automation/how-to/private-link-security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c2b3618-68a8-4034-a150-ff4abc873462\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c2b3618-68a8-4034-a150-ff4abc873462\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1496 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"},{\"properties\":{\"displayName\":\"SQL - server TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency + servers should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Microsoft + external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Private + endpoint should be enabled for IoT Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections enforce secure communication by enabling private connectivity + to IoT Hub. Configure a private endpoint connection to enable access to traffic + coming only from known networks and prevent access from all other IP addresses, + including within Azure.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d40b058-9f95-4a19-93e3-9b0330baa2a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d40b058-9f95-4a19-93e3-9b0330baa2a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1518 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1051,9 +1109,9 @@ interactions: visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDefenderExploitGuard\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy a flow log resource with target network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configures flow log for specific network security group. It will allow to log information about IP traffic flowing through an network security group. Flow log helps @@ -1090,7 +1148,13 @@ interactions: Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Authorized + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure File Sync to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Azure File Sync's internet-accessible public endpoint are disabled by your + organizational policy. You may still access the Storage Sync Service via its + private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"Audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"value\":\"AllowVirtualNetworksOnly\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0e07b2e9-6cd9-4c40-9ccb-52817b95133b\"},{\"properties\":{\"displayName\":\"Authorized IP ranges should be defined on Kubernetes Services\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized @@ -1127,7 +1191,15 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ecd903d-91e7-4726-83d3-a229d7f2e293\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"[Preview]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"Configure + Batch accounts with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Batch + accounts, you can reduce data leakage risks. Learn more about private links + at: https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"equals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"batchAccount\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ef5aac7-c064-427a-b87b-d47b3ddcaf73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ef5aac7-c064-427a-b87b-d47b3ddcaf73\"},{\"properties\":{\"displayName\":\"[Preview]: Audit Azure Spring Cloud instances where distributed tracing is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Distributed tracing tools in Azure Spring Cloud allow debugging and monitoring the complex interconnections between microservices in an application. Distributed tracing @@ -1151,7 +1223,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"CORS + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Container registries\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that container registries + are not exposed on the public internet. Creating private endpoints can limit + exposure of container registry resources. Learn more at: https://aka.ms/acr/portal/public-network + and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fdf0491-d080-4575-b627-ad0e843cba0f\"},{\"properties\":{\"displayName\":\"CORS should not allow every domain to access your API for FHIR\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly @@ -1199,21 +1278,29 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11158848-f679-4e9b-aa7b-9fb07d945071\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1432 - Media Storage\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Cognitive + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure IoT Hubs to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint. This policy disables + public network access on IoT Hub resources.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/114eec6e-5e59-4bad-999d-6eceeb39d582\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"114eec6e-5e59-4bad-999d-6eceeb39d582\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should use customer owned storage or enable data encryption.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed. The list of OS images is updated + over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - System settings'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - System settings' for certificate rules on executables for SRP and @@ -1286,9 +1373,9 @@ interactions: Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow - in adaptive application control policies.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + in adaptive application control policies.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web Application Firewall (WAF) should use the specified mode for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Mandates the use of 'Detection' or 'Prevention' mode to be active on all Web Application Firewall policies for Application Gateway.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -1296,7 +1383,13 @@ interactions: Requirement\",\"description\":\"Mode required for all WAF policies\"},\"allowedValues\":[\"Prevention\",\"Detection\"],\"defaultValue\":\"Detection\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies\"},{\"field\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode\",\"notEquals\":\"[parameters('modeRequirement')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12430be1-6cc8-4527-a9a8-e3d38f250096\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use Key Vault for storing secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure secrets (such as connection strings) are managed securely, require + users to provide secrets using an Azure Key Vault instead of specifying them + inline in linked services.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"exists\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"PWD=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"Password=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"CredString=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"pwd=\"}]}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"exists\":\"false\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSearch.typeProperties.key.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/CosmosDb.typeProperties.accountKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.encryptedCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.mwsAuthToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.secretKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonS3.typeProperties.secretAccessKey.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential.type\",\"equals\":\"SecureString\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken.type\",\"equals\":\"SecureString\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Odbc.typeProperties.credential.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleAdWords.typeProperties.developerToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.clientSecret.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.refreshToken.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"MongoDbAtlas\",\"MongoDbV2\"]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCert.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCertPassword.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.privateKeyContent.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.passPhrase.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Salesforce.typeProperties.securityToken.type\",\"equals\":\"SecureString\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"127ef6d7-242f-43b3-9eef-947faf1725d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1240 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"129eb39f-d79a-4503-84cd-92f036b5e429\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -1350,7 +1443,18 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1184 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"[Preview]: + Configure machines to receive the Qualys vulnerability assessment agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Defender includes vulnerability scanning for your machines at no extra cost. + You don't need a Qualys license or even a Qualys account - everything's handled + seamlessly inside Security Center. Machines which don't have the Qualys vulnerability + assessment agent deployed automatically receive the agent if this policy is + enabled.\",\"metadata\":{\"category\":\"Security Center\",\"preview\":true,\"version\":\"2.0.0-preview\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]},\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"template\":{\"contentVersion\":\"1.0.0.0\",\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"parameters\":{\"vmName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.compute/virtualmachines'))]\",\"type\":\"Microsoft.Compute/virtualMachines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"},{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.hybridcompute/machines'))]\",\"type\":\"Microsoft.HybridCompute/machines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"}]},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}}}},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13ce0167-8ca6-4048-8e6b-f996402e3c1b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1085 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1415,7 +1519,38 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;MembersToExclude\",\"value\":\"[parameters('MembersToExclude')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityWindowsAgent\":\"[concat('deployAzureSecurityWindowsAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityWindowsAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityWindowsAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1537496a-b1e8-482b-a06a-1cc2415cdc7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"15495367-cf68-464c-bbc3-f53ca5227b7a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1478,7 +1613,15 @@ interactions: '-', uniqueString(parameters('targetManagedApplicationId')))]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"associatedResourceName\":{\"type\":\"string\"},\"resourceTypesToAssociate\":{\"type\":\"string\"},\"targetManagedApplicationId\":{\"type\":\"string\"},\"associationNamePrefix\":{\"type\":\"string\"}},\"variables\":{\"resourceType\":\"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\"resourceName\":\"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2017-05-10\",\"name\":\"[concat(deployment().Name, - '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"Transparent + '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"[ASC + Private Preview] Deploy - Configure system-assigned managed identity to enable + Azure Monitor assignments on VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"[ASC + Private Preview] Configure system-assigned managed identity to virtual machines + hosted in Azure that are supported by Azure Monitor that do not have a system-assigned + managed identity. A system-assigned managed identity is a prerequisite for + all Azure Monitor assignments and must be added to machines before using any + Azure Monitor extension. Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.2.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"value\":\"[requestContext().apiVersion]\",\"greaterOrEquals\":\"2018-10-01\"},{\"field\":\"identity.type\",\"notContains\":\"SystemAssigned\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"identity.type\",\"value\":\"[if(contains(field('identity.type'), + 'UserAssigned'), concat(field('identity.type'), ',SystemAssigned'), 'SystemAssigned')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17b3de92-f710-4cf4-aa55-0e7859f1ed7b\"},{\"properties\":{\"displayName\":\"Transparent Data Encryption on SQL databases should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -1489,14 +1632,13 @@ interactions: Managed Control 1480 - Temperature And Humidity Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18a767cc-1947-4338-a240-bc058c81164f\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - PostgreSQL database servers enables implementing a separation of duties in - the management of keys and data. When you configure a customer-managed key, - the key is used to protect and control access to the key that encrypts your - data. You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18adea5e-f416-4d0f-8aa8-d24321e3e274\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1369 - Incident Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -1532,7 +1674,13 @@ interactions: your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Vulnerability + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Azure + Event Grid topics should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1adadefe-5f21-44f7-b931-a59b54ccdb45\"},{\"properties\":{\"displayName\":\"Vulnerability assessment should be enabled on SQL Managed Instance\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -1541,7 +1689,8 @@ interactions: network access on Azure SQL Database should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration - denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure + denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for API @@ -1551,13 +1700,21 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machines if the VM Image (OS) is in the - list defined and the agent is not installed. The list of OS images will be - updated over time as support is updated.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Azure + Service Bus namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Service Bus namespaces, + data leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c06e275-d63d-4540-b761-71f364c2111d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c06e275-d63d-4540-b761-71f364c2111d\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Dependency agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c210e94-a481-4beb-95fa-1571b434fb04\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -1566,49 +1723,61 @@ interactions: Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Public + network access on Azure Data Factory should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + Data Factory can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Azure + File Sync should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Creating + a private endpoint for the indicated Storage Sync Service resource allows + you to address your Storage Sync Service resource from within the private + IP address space of your organization's network, rather than through the internet-accessible + public endpoint. Creating a private endpoint by itself does not disable the + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d320205-c6a1-4ac6-873d-46224024e8e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d320205-c6a1-4ac6-873d-46224024e8e2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"Deploy + GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth from the defined git repo. For - instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"preview\":true,\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Configuration resource name\",\"description\":\"The name for the sourceControlConfiguration. - \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator instance name\",\"description\":\"The name of the operator associated - with this configuration. The instance name can contain up to 353 lower-case - alphanumeric characters, hyphen, or period. If enableHelmOperator is true, - then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters - combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator namespace\",\"description\":\"The namespace to use for the configuration - operator. The namespace can contain up to 353 lower-case alphanumeric characters, - hyphen, or period. If enableHelmOperator is true, then operatorInstanceName - + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator scope\",\"description\":\"The permission scope for the operator. - Possible values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator type\",\"description\":\"The type of operator to install. Currently, - 'Flux' is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator parameters\",\"description\":\"Parameters to set on the Flux operator, - separated by spaces. For example, --git-readonly --git-path=namespaces,workloads. - \ Learn more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Repository Url\",\"description\":\"The URL for the source control repository. - Private repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Enable Helm\",\"description\":\"Indicate whether to enable Helm for this instance - of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart version for installing Flux Helm\",\"description\":\"The version - of the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"0.6.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart parameters for installing Flux Helm\",\"description\":\"Parameters - for the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"--git-readonly\",\"[parameters('operatorParams')]\",\"[concat('--git-readonly - ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(parameters('clusterResourceType'), - 'connectedclusters')]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(parameters('clusterResourceType'), - 'managedclusters')]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft + instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"The name of the operator associated with + this configuration. The instance name can contain up to 353 lower-case alphanumeric + characters, hyphen, or period. If enableHelmOperator is true, then operatorInstanceName + + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"The namespace to use for the configuration operator. + The namespace can contain up to 353 lower-case alphanumeric characters, hyphen, + or period. If enableHelmOperator is true, then operatorInstanceName + operatorNamespace + strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --git-path=namespaces,workloads. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Private + repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1538 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"},{\"properties\":{\"displayName\":\"Virtual @@ -1634,12 +1803,21 @@ interactions: a required tag and its value. Does not apply to resource groups.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Tags\"},\"parameters\":{\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"not\":{\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Key - vault should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting + parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Synapse + workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Target sub resource the private endpoint + connects to\"},\"allowedValues\":[\"Dev\",\"Sql\",\"SqlOnDemand\"],\"defaultValue\":\"Dev\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('targetSubResource')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"synapse-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\"},{\"properties\":{\"displayName\":\"Key + vaults should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault - can lead to permanent data loss. Soft delete allows you to recover an accidently - deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Key + can lead to permanent data loss. Soft delete allows you to recover an accidentally + deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\"},{\"properties\":{\"displayName\":\"Azure API for FHIR should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure @@ -1653,7 +1831,14 @@ interactions: to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be encrypted with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Create + Azure Monitor logs cluster with customer-managed keys encryption. By default, + the log data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance. Customer-managed + key in Azure Monitor gives you more control over the access to you data, see + https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"exists\":\"false\"}]},{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"exists\":\"false\"}]},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVersion\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f68a601-6e6d-4e42-babf-3f643a047ea2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f68a601-6e6d-4e42-babf-3f643a047ea2\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is @@ -1701,13 +1886,32 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f8c20ce-3414-4496-8b26-0e902a1541da\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB account should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - customer-managed keys to control the encryption at rest of the data stored - in Azure Cosmos DB when this is a regulatory or compliance requirement. Customer-managed - keys also deliver double encryption by adding a second layer of encryption - on top of the default one done with service-managed keys. See https://aka.ms/cosmosdb-cmk\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos + Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/cosmosdb-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Microsoft + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Logic + Apps Integration Service Environment should be encrypted with customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + into Integration Service Environment to manage encryption at rest of Logic + Apps data using customer-managed keys. By default, customer data is encrypted + with service-managed keys, but customer-managed keys are commonly required + to meet regulatory compliance standards. Customer-managed keys enable the + data to be encrypted with an Azure Key Vault key created and owned by you. + You have full control and responsibility for the key lifecycle, including + rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/integrationServiceEnvironments\"},{\"field\":\"Microsoft.Logic/integrationServiceEnvironments/encryptionConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption at host to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling + encryption at host helps protect and safeguard your data to meet your organizational + security and compliance commitments. When you enable encryption at host, data + stored on the VM host is encrypted at rest and flows encrypted to the Storage + service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2006457a-48b3-4f7b-8d2e-1532287f9929\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1724,13 +1928,30 @@ interactions: Image Builder templates should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used - instead which may expose resources directly to the internet and increase the + instead which may directly expose resources to the internet and increase the potential attack surface.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"VM Image Builder\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.VirtualMachineImages/imageTemplates\"},{\"field\":\"Microsoft.VirtualMachineImages/imageTemplates/vmProfile.vnetConfig\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2154edb9-244f-4741-9970-660785bccdaa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Azure File Sync\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public endpoint allows you to restrict access to your Storage Sync Service + resource to requests destined to approved private endpoints on your organization's + network. There is nothing inherently insecure about allowing requests to the + public endpoint, however, you may wish to disable it to meet regulatory, legal, + or organizational policy requirements. You can disable the public endpoint + for a Storage Sync Service by setting the incomingTrafficPolicy of the resource + to AllowVirtualNetworksOnly.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a8cd35-125e-4d13-b82d-2e19b7208bb7\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a9766a-82a5-4747-abb5-650b6dbba6d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a9766a-82a5-4747-abb5-650b6dbba6d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21de687c-f15e-4e51-bf8d-f35c8619965b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1770,9 +1991,9 @@ interactions: ports should be closed on your virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to - gain admin access to the machine.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + gain admin access to the machine.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1493 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"},{\"properties\":{\"displayName\":\"Only @@ -1827,7 +2048,13 @@ interactions: workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Automation account so that it isn't accessible + over the public internet. This configuration helps protect them against data + leakage risks. You can limit exposure of the your Automation account resources + by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Automation\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"value\":false}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1268 - Alternate Storage Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23f6e984-3053-4dfc-ab48-543b764781f5\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1877,9 +2104,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"},{\"properties\":{\"displayName\":\"Endpoint protection solution should be installed on virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the existence and health of an endpoint protection solution on your virtual - machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26d292cc-b0b8-4c29-9337-68abc758bf7b\"},{\"properties\":{\"displayName\":\"Metric @@ -1890,23 +2117,31 @@ interactions: name\",\"description\":\"The metric name that an alert rule must be enabled on\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/alertRules\",\"existenceScope\":\"Subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/alertRules/isEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\"equals\":\"[parameters('metricName')]\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\"equals\":\"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', - field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Enable - Automanage - Azure virtual machine best practices\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Automanage - enrolls, configures, and monitors virtual machines with Azure VM best practice - services. Use this policy to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage - account\",\"description\":\"Select Automanage account from dropdown list. - If this account is outside of the scope of the assignment you must manually - grant 'Contributor' permissions (or similar) on the account to the policy - assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Configure + virtual machines to be onboarded to Azure Automanage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Automanage enrolls, configures, and monitors virtual machines with best practice + as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy + to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage + account\",\"description\":\"The Automanage account is an Azure managed identity + under which virtual machine operations are performed. If this account is outside + of the scope of the assignment you must manually grant 'Contributor' permissions + (or similar) on the account to the policy assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration profile\",\"description\":\"The management services provided are based on whether the machine is intended to be used in a dev/test environment or production.\"},\"allowedValues\":[\"Azure virtual machine best practices \u2013 Production\",\"Azure virtual machine best practices \u2013 Dev/test\"],\"defaultValue\":\"Azure virtual machine - best practices \u2013 Production\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"westus2\",\"westcentralus\",\"westeurope\",\"canadacentral\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), + best practices \u2013 Production\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"eastus2\",\"westus\",\"westus2\",\"centralus\",\"southcentralus\",\"westcentralus\",\"northeurope\",\"westeurope\",\"canadacentral\",\"japaneast\",\"uksouth\",\"australiaeast\",\"australiasoutheast\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"15*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), '/Microsoft.Automanage/', 'default')]\",\"properties\":{\"configurationProfile\":\"[parameters('configurationProfileAssignment')]\",\"accountId\":\"[parameters('automanageAccount')]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/270610db-8c04-438a-a739-e8e6745b22d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"270610db-8c04-438a-a739-e8e6745b22d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1396 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Flow + logs should be enabled for every network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + for flow log resources to verify if flow log status is enabled. Enabling flow + logs allows to log information about IP traffic flowing through network security + group. It can be used for optimizing network flows, monitoring throughput, + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkWatchers/flowLogs\"},{\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27960feb-a23c-4577-8d36-ef8b5f35e0be\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27a69937-af92-4198-9b86-08d355c7e59a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -1930,7 +2165,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"283a4e29-69d5-4c94-b99e-29acf003c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1436 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property shuts down public connectivity such that + Azure SQL Server can only be accessed from a private endpoint. This configuration + disables the public network access for all databases under the Azure SQL Server.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -1948,7 +2188,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"AppServices\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2913021d-f2fd-4f3d-b958-22354e2bdbcb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"Service + Bus Premium namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Service Bus supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Service Bus will use to encrypt data in your namespace. Note that Service + Bus only supports encryption with customer-managed keys for premium namespaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"},{\"not\":{\"field\":\"Microsoft.ServiceBus/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"295fc8b1-dc9f-4f53-9c61-3f313ceab40a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -1969,8 +2217,8 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"},{\"properties\":{\"displayName\":\"Storage accounts should restrict network access using virtual network rules\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Protect your storage accounts from potential threats using virtual network rules as - a preferred method to IP-based filtering. Disallowing IP-based filtering prevents - public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"},{\"count\":{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]\"},\"greaterOrEquals\":1}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -2001,14 +2249,22 @@ interactions: ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a7a701e-dff3-4da9-9ec5-42cb98594c0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1274 - Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Synapse + workspace auditing settings should have action groups configured to capture + critical activities\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure your audit logs are as thorough as possible, the AuditActionsAndGroups + property should include all the relevant groups. We recommend adding at least + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, + and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with + regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"FAILED_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"BATCH_COMPLETED_GROUP\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b18f286-371e-4b80-9887-04759970c0d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b18f286-371e-4b80-9887-04759970c0d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b909c26-162f-47ce-8e15-0c1f55632eac\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should enable data encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using data encryption. For each Cognitive Services account with storage, should enable data encryption @@ -2079,7 +2335,21 @@ interactions: auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Managed + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Public + network access on Azure IoT Hub should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure IoT Hub should use customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encryption + of data at rest in IoT Hub with customer-managed key adds a second layer of + encryption on top of the default service-managed keys, enables customer control + of keys, custom rotation policies, and ability to manage access to data through + key access control. Customer-managed keys must be configured during creation + of IoT Hub. For more information on how to configure customer-managed keys, + see https://aka.ms/iotcmk.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"lessOrEquals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\"},{\"properties\":{\"displayName\":\"Managed workspace virtual network on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling a managed workspace virtual network ensures that your workspace is network isolated from other workspaces. Data integration and Spark resources deployed @@ -2142,7 +2412,13 @@ interactions: Defender for Storage provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cache for Redis resource so that it's + not accessible over the public internet. This helps protect the cache against + data leakage risks.\",\"metadata\":{\"category\":\"Cache\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17\"],\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-06-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/30b3dfa5-a70d-4c8e-bed6-0083858f663d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"30b3dfa5-a70d-4c8e-bed6-0083858f663d\"},{\"properties\":{\"displayName\":\"Audit Windows machines missing any of specified members in the Administrators group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators @@ -2180,14 +2456,21 @@ interactions: Greater Risk\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"31b752c1-05a9-432a-8fce-c39b56550119\"},{\"properties\":{\"displayName\":\"[Preview]: - Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"Microsoft + Log Analytics Agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Windows OS to + add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Linux OS to add + to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"API + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of an API app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/324c7761-08db-4474-9661-d1039abc92ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"324c7761-08db-4474-9661-d1039abc92ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1587 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32820956-9c6d-4376-934c-05cd8525be7c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -2302,7 +2585,12 @@ interactions: '/AzurePolicyforLinux')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforLinux\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3470477a-b35a-49db-aca5-1073d04524fe\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1151 - System Interconnections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Azure + Synapse workspaces should allow outbound data traffic only to approved targets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Increase + security of your Synapse workspace by allowing outbound data traffic only + to approved targets. This helps prevention against data exfiltration by validating + the target before sending data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"field\":\"Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.preventDataExfiltration\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3484ce98-c0c5-4c83-994b-c5ac24785218\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3492d949-0dbb-4589-88b3-7b59601cc764\"},{\"properties\":{\"displayName\":\"Microsoft @@ -2315,22 +2603,22 @@ interactions: accounts should restrict network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To - allow connections from specific internet or on-premise clients, access can + allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet - IP address ranges\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + IP address ranges\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34c877ad-507e-4c82-993e-3452a6e0ad3c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Resource logs in Logic Apps should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Logic + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Logic Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1210 - Configuration Settings\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3502c968-c490-4570-8167-1476f955e9b8\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -2549,7 +2837,7 @@ interactions: implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36b0ef30-366f-4b1b-8652-a3511df11f53\"},{\"properties\":{\"displayName\":\"Deploy Threat Detection on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This - policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), + policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), '/Default')]\",\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"emailAccountAdmins\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -2609,7 +2897,24 @@ interactions: servers;ExpectedValue\",\"value\":\"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid topics to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36ea4b4b-0f7f-4a54-89fa-ab18f555a172\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/domains/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"domain\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36f4658a-848a-467b-881c-e6fa20cf75fc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36f4658a-848a-467b-881c-e6fa20cf75fc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -2641,15 +2946,15 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.Storage/StorageAccounts\"]},{\"value\":\"[field('type')]\",\"equals\":\"Microsoft.ClassicStorage/storageAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Resource logs in IoT Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Internet + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Internet of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Windows Guest Configuration extension to Windows virtual @@ -2740,7 +3045,16 @@ interactions: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3abeb944-26af-43ee-b83d-32aaf060fb94\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1548 - Vulnerability Scanning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Azure + Synapse workspaces, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-with-private-links.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Dev\"],\"requestMessage\":\"Auto + approved by policy assignment\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b3b0c27-08d2-4b32-879d-19930bee3266\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b3b0c27-08d2-4b32-879d-19930bee3266\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"},{\"properties\":{\"displayName\":\"Microsoft @@ -2752,14 +3066,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"operationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operation Name\",\"description\":\"Security Operation name for which activity log alert should exist\"},\"allowedValues\":[\"Microsoft.Security/policies/write\",\"Microsoft.Security/securitySolutions/write\",\"Microsoft.Security/securitySolutions/delete\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/ActivityLogAlerts\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/enabled\",\"equals\":\"true\"},{\"count\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"Security\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"[parameters('operationName')]\"}]}]}},\"equals\":2},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"}},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b980d31-7904-4bb7-8575-5665739a8052\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machine scale sets if the VM Image (OS) - is in the list defined and the agent is not installed. The list of OS images - will be updated over time as support is updated. Note: if your scale set upgradePolicy - is set to Manual, you need to apply the extension to the all virtual machines - in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), + - Configure Dependency agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machine scale sets if the virtual machine + image is in the list defined and the agent is not installed. If your scale + set upgradePolicy is set to Manual, you need to apply the extension to all + the virtual machines in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"},{\"properties\":{\"displayName\":\"PostgreSQL server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual @@ -2768,28 +3083,28 @@ interactions: Azure boundary. This policy provides a way to audit if the Azure Database for PostgreSQL has virtual network service endpoint being used.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c14b034-bcb6-4905-94e7-5b8e98a47b65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c14b034-bcb6-4905-94e7-5b8e98a47b65\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets if the VM Image - (OS) is in the list defined and the agent is not installed. The list of OS - images will be updated over time as support is updated. Note: if your scale - set upgradePolicy is set to Manual, you need to apply the extension to the - all VMs in the set by calling upgrade on them. In CLI this would be az vmss - update-instances.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machine scale sets if the virtual + machine image is in the list defined and the agent is not installed. If your + scale set upgradePolicy is set to Manual, you need to apply the extension + to all the virtual machine in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c1b3629-c8f8-4bf6-862c-037cb9094038\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the OS vulnerabilities on your virtual machine scale sets to protect them - from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + from attacks.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1621 - Resource Availability\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3cb9f731-744a-4691-a481-ca77b0411538\"},{\"properties\":{\"displayName\":\"Microsoft @@ -2852,7 +3167,13 @@ interactions: to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\",\"16.04-LTS\",\"16.04.0-LTS\",\"14.04.2-LTS\",\"12.04.5-LTS\"]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"OmsAgentForLinux\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('vmName'),'/omsPolicy')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2017-12-01\",\"properties\":{\"publisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"type\":\"OmsAgentForLinux\",\"typeHandlerVersion\":\"1.4\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled - monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"Microsoft + monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"App + Configuration should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d9f5e4c-9947-4579-9539-2a7695fbc187\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1385 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3e495e65-8663-49ca-9b38-9f45e800bc58\"},{\"properties\":{\"displayName\":\"Audit @@ -2981,13 +3302,15 @@ interactions: Managed Control 1202 - Access Restrictions For Change\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Machine + Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you'll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit a tag from the subscription if missing\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds the specified tag with its value from the containing subscription when any resource missing this tag is created or updated. Existing resources can be @@ -3013,7 +3336,15 @@ interactions: Monitor should collect activity logs from all regions\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Temp + disks and cache for agent node pools in Azure Kubernetes Service clusters + should be encrypted at host\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + enhance data security, the data stored on the virtual machine (VM) host of + your Azure Kubernetes Service nodes VMs should be encrypted at rest. This + is a common requirement in many regulatory and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"count\":{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"false\"}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41425d9f-d1a5-499a-9932-f8ed8453932c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1263 - Contingency Plan Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41472613-3b05-49f6-8fe8-525af113ce17\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3041,14 +3372,14 @@ interactions: Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Resource logs in Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -3173,7 +3504,13 @@ interactions: Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should use a Private Link enabled SKU\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination which protect your resources + against public data leakage risks. The policy limits you to Private Link enabled + SKUs for Azure SignalR Service. Learn more about private link at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"field\":\"Microsoft.SignalRService/SignalR/sku.tier\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/464a1620-21b5-448d-8ce6-d4ac6d1bc49a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"464a1620-21b5-448d-8ce6-d4ac6d1bc49a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require SQL Server version 12.0\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version @@ -3197,11 +3534,26 @@ interactions: Services accounts should use customer owned storage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"[Preview]: + IoT Hub device provisioning service data should be encrypted using customer-managed + keys (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your IoT Hub device + provisioning service. The data is automatically encrypted at rest with service-managed + keys, but customer-managed keys (CMK) are commonly required to meet regulatory + compliance standards. CMKs enable the data to be encrypted with an Azure Key + Vault key created and owned by you. Learn more about CMK encryption at https://aka.ms/dps/CMK.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47031206-ce96-41f8-861b-6a915f3de284\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Storage + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the Azure Cache for + Redis isn't exposed on the public internet. You can limit exposure of your + Azure Cache for Redis by creating private endpoints instead. Learn more at: + https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"470baccb-7e51-4549-8b1a-3e5be069f663\"},{\"properties\":{\"displayName\":\"Storage accounts should have infrastructure encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted @@ -3210,11 +3562,15 @@ interactions: Cosmos DB key based metadata write access should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos - DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Automatic - provisioning of the Log Analytics monitoring agent should be enabled on your - subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - automatic provisioning of the Log Analytics monitoring agent in order to collect - security data\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Auto + provisioning of the Log Analytics agent should be enabled on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"475aae12-b88a-4572-8b36-9b712b2b3a17\"},{\"properties\":{\"displayName\":\"Adaptive application controls for defining safe applications should be enabled on your @@ -3223,9 +3579,16 @@ interactions: on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the - applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Configure + Cognitive Services accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Cognitive Services resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at: https://go.microsoft.com/fwlink/?linkid=2129800.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Disabled\",\"Modify\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2017-04-18')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -3367,13 +3730,15 @@ interactions: Managed Control 1094 - Role-Based Security Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b1853e0-8973-446b-b567-09d901d31a09\"},{\"properties\":{\"displayName\":\"Azure - Event Grid topics should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid topics that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid topics should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid topic instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4c090801-59bc-4454-bb33-e0455133486a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3398,7 +3763,14 @@ interactions: Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"MaximumPasswordAge\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"Function + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a function app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4d0bc837-6eff-477e-9ecd-33bf8d4212a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4d0bc837-6eff-477e-9ecd-33bf8d4212a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -3498,25 +3870,46 @@ interactions: Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints that connect to Batch + accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + DNS records allow private connections to private endpoints. Private endpoint + connections allow secure communication by enabling private connectivity to + Batch accounts without a need for public IP addresses at the source or destination. + For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + private DNS zone to deploy in a new private DNS zone group and link to the + private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"batchAccount\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"batchAccount-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec38ebc-381f-45ee-81a4-acbc4be878f8\"},{\"properties\":{\"displayName\":\"Azure + data factories should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Data + Factory. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/adf-cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/encryption.vaultBaseUrl\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec52d6d-beb7-40c4-9a9e-fe753254690e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1139 - Audit Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ed62522-de00-4dda-9810-5205733d2f34\"},{\"properties\":{\"displayName\":\"A maximum of 3 owners should be designated for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate up to 3 subscription owners in order to reduce - the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f26049b-2c5a-4841-9ff3-d48a26aae475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"A - security contact email address should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter - an email address to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"Subscriptions + should have a contact email address for security issues\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/email\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\"},{\"properties\":{\"displayName\":\"Add a tag to resources\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds @@ -3530,7 +3923,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f9dc7db-30c1-420c-b61a-e1d640128d26\"},{\"properties\":{\"displayName\":\"[Preview]: Storage account public access should be disallowed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Anonymous public read access to containers and blobs in Azure Storage is a convenient - way to share data, but might present security risks. To prevent data breaches + way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.\",\"metadata\":{\"version\":\"2.0.1-preview\",\"category\":\"Storage\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"The effect determines what happens when the policy @@ -3541,16 +3934,53 @@ interactions: is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this - tool for you.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + tool for you.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"550e890b-e652-4d22-8274-60b3bdb24c63\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1485 - Delivery And Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50301354-95d0-4a11-8af5-8039ecf6d38b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Deploy + Workflow Automation for Azure Security Center regulatory compliance\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + automation of Azure Security Center regulatory compliance. This policy deploys + a workflow automation with your conditions and triggers on the assigned scope. + To deploy this policy on newly created subscriptions, open the Compliance + tab, select the relevant non-compliant assignment and create a remediation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\",\"preview + \":true},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name\",\"description\":\"The resource group name where the workflow + automation is created. If you enter a name for a resource group that doesn't + exist, it'll be created in the subscription.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group location\",\"description\":\"The location where the resource group and + the workflow automation are created.\",\"strongType\":\"location\"}},\"regulatoryComplianceStandards\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + standards names\",\"description\":\"For all compliance standards, leave it + empty. For specific compliance standards, enter a list of standards names + separated by semicolons (';'). Compliance standards names are available through + the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"regulatoryComplianceControlStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + control states\",\"description\":\"Determines compliance control states.\"},\"allowedValues\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"],\"defaultValue\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + app trigger\",\"description\":\"The trigger connector of the logic app that + is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an + Azure Security Center regulatory compliance assessment is created or triggered'.\"},\"allowedValues\":[\"Manual + (Incoming HTTP request)\",\"When an Azure Security Center regulatory compliance + assessment is created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets\",\"exists\":false},{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"less\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceControlStates')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\",\"name\":\"regulatoryComplianceControlState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.state\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceControlState')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceControlStates'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceStandards')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\",\"name\":\"regulatoryComplianceStandard\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"id\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceStandard')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceStandards'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"notEquals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('regulatoryComplianceStandards'),parameters('regulatoryComplianceControlStates'))]\"},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\"},\"equals\":\"[mul(2,mul(length(parameters('regulatoryComplianceStandards')),length(parameters('regulatoryComplianceControlStates'))))]\"}]}]}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"regulatoryComplianceStandards\":{\"type\":\"array\"},\"regulatoryComplianceControlStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + for subscription {0}\",\"regulatoryComplianceStandardsLength\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"regulatoryComplianceControlStatesLength\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"regulatoryComplianceStandardsLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsLength'), + 0), 1, variables('regulatoryComplianceStandardsLength'))]\",\"regulatoryComplianceControlStatesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceControlStatesLength'), + 0), 1, variables('regulatoryComplianceControlStatesLength'))]\",\"stateMap\":{\"Failed\":\"failed\",\"Passed\":\"passed\",\"Skipped\":\"skipped\",\"Unsupported\":\"unsupported\"},\"triggerMap\":{\"Manual + (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center regulatory + compliance assessment is created or triggered\":\"When_a_Security_Center_Regulatory_Compliance_Assessment_is_created_or_triggered\"},\"doesAllStatesSelected\":\"[if(equals(length(parameters('regulatoryComplianceControlStates')),length(variables('stateMap'))),bool('true'),bool('false'))]\",\"doesAllStandardsSelected\":\"[if(equals(variables('regulatoryComplianceStandardsLength'),0),bool('true'),bool('false'))]\",\"allRegulatoryComplianceRuleSets\":[],\"customStandardsOrCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsOrCustomStateRuleSetsArr\",\"count\":\"[if(not(variables('doesAllStandardsSelected')),variables('regulatoryComplianceStandardsLength'),if(not(variables('doesAllStatesSelected')),variables('regulatoryComplianceControlStatesLength'),1))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(not(variables('doesAllStandardsSelected')),'id',if(not(variables('doesAllStatesSelected')),'properties.state',json('null')))]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],json('null')))]\",\"operator\":\"[if(not(variables('doesAllStandardsSelected')),'Contains',if(not(variables('doesAllStatesSelected')),'Equals',json('null')))]\"}]}}]},\"customStandardsAndCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsAndCustomStateRuleSetsArr\",\"count\":\"[if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),mul(variables('regulatoryComplianceStandardsLength'),variables('regulatoryComplianceControlStatesLength')),1)]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[mod(div(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength')), variables('regulatoryComplianceStandardsLength'))],json('null'))]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.state\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[mod(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength'))],json('null'))]\",\"operator\":\"Equals\"}]}}]},\"sourceRuleSets\":\"[if(and(variables('doesAllStandardsSelected'),variables('doesAllStatesSelected')),variables('allRegulatoryComplianceRuleSets'),if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),variables('customStandardsAndCustomStateRuleSets').customStandardsAndCustomStateRuleSetsArr,variables('customStandardsOrCustomStateRuleSets').customStandardsOrCustomStateRuleSetsArr))]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', + parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"[parameters('automationName')]\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Workflow + Automation for Azure Security Center recommendations via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":[{\"eventSource\":\"RegulatoryComplianceAssessment\",\"ruleSets\":\"[variables('sourceRuleSets')]\"}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"regulatoryComplianceStandards\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\"},\"regulatoryComplianceControlStates\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/509122b9-ddd9-47ba-a5f1-d0dac20be63c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"509122b9-ddd9-47ba-a5f1-d0dac20be63c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1566 - System Development Life Cycle\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"},{\"properties\":{\"displayName\":\"A @@ -3571,7 +4001,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50fc602d-d8e0-444b-a039-ad138ee5deb0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1386 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Bot + Service should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Bot Service automatically encrypts your resource to protect your data and + meet organizational security and compliance commitments. By default, Microsoft-managed + encryption keys are used. For greater flexibility in managing keys or controlling + access to your subscription, select customer-managed keys, also known as bring + your own key (BYOK). Learn more about Azure Bot Service encryption: https://docs.microsoft.com/azure/bot-service/bot-service-encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/isCmekEnabled\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"51522a96-0869-4791-82f3-981000c2c67f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"518cb545-bfa8-43f8-a108-3b7d5037469a\"},{\"properties\":{\"displayName\":\"Azure @@ -3579,7 +4017,13 @@ interactions: Defender for Kubernetes provides real-time threat protection for containerized environments and generates alerts for suspicious activities.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Synapse + workspaces should be configured with 90 days auditing retention or higher.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"For + incident investigation purposes, we recommend setting the data retention for + your Synapse workspace' audit to at least 90 days. Confirm that you're meeting + the necessary retention rules for the regions in which you're operating. This + is sometimes required for compliance with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"529ea018-6afc-4ed4-95bd-7c9ee47b00bc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1642 - Network Disconnect\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53397227-5ee3-4b23-9e5e-c8a767ce6928\"},{\"properties\":{\"displayName\":\"Connection @@ -3588,12 +4032,14 @@ interactions: throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"connection_throttling\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"},{\"properties\":{\"displayName\":\"Azure - SignalR Service should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure SignalR Service resources that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft + SignalR Service should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your SignalR resources + instead of the entire service, you'll also be protected against data leakage + risks .Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1467 - Visitor Access Records\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3620,11 +4066,11 @@ interactions: Managed Control 1045 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"},{\"properties\":{\"displayName\":\"[Preview]: - Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The - key vault firewall prevents unauthorized traffic from reaching your key vault + Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Key + vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the - key vault firewall to make sure that only traffic from allowed networks can - access your key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + firewall to make sure that only traffic from allowed networks can access your + key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"field\":\"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"55615ac9-af46-4a59-874e-391cc3dfb490\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1523 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -3634,10 +4080,24 @@ interactions: Capacity\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"562afd61-56be-4313-8fe4-b9564aa4ba7d\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Application Gateway. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Microsoft + Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Azure + Automation accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Automation + Accounts. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/automation-cmk.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.Keyvault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56a5ee18-2ae6-4810-86f7-18e39ce5629b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -3654,18 +4114,21 @@ interactions: Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Audit - Windows web servers that are not using secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the registry key - HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols - includes protocols less secure than what is selected in the policy parameter.\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Windows + web servers should be configured to use secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"MinimumTLSVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Minimum TLS version\",\"description\":\"The minimum TLS protocol version that should be enabled. Windows web servers with lower TLS versions will be marked as - non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', + non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5752e6d6-1206-46d8-8ab1-ecc2f71a8112\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1162 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -3687,7 +4150,15 @@ interactions: of critical processes.\"},\"allowedValues\":[\"No Auditing\",\"Success\",\"Failure\",\"Success and Failure\"],\"defaultValue\":\"No Auditing\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Audit - Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"Microsoft + Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"CosmosDB + accounts should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your CosmosDB account, data + leakage risks are reduced. Learn more about private links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58440f8a-10c5-4151-bdce-dfbaad4a20b7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58440f8a-10c5-4151-bdce-dfbaad4a20b7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1584 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5864522b-ff1d-4979-a9f8-58bee1fb174c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3786,12 +4257,13 @@ interactions: Managed Control 1433 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"},{\"properties\":{\"displayName\":\"Container - registries should be encrypted with a customer-managed key (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - or deny container registries that do not have encryption enabled with customer-managed - keys (CMK). Azure automatically encrypts registry contents at rest with service-managed - keys. You can supplement default encryption with an additional encryption - layer using a key that you create and manage in Azure Key Vault. For more - information on CMK encryption, please visit: https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Container + registries should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.2\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/encryption.status\",\"notEquals\":\"enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\"},{\"properties\":{\"displayName\":\"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client @@ -3837,16 +4309,16 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Audit - Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Log + Analytics agent should be enabled in virtual machine scale sets for listed + virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1671 - Flaw Remediation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5bbef7-a316-415b-9b38-29753ce8e698\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3855,9 +4327,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"},{\"properties\":{\"displayName\":\"External accounts with write permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with write privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1483 - Water Damage Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -3925,27 +4397,67 @@ interactions: '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"},{\"properties\":{\"displayName\":\"[Preview]: Private endpoint should be configured for Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - link provides a way to connect key vault to your Azure resources without sending + link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection - against data exfiltration.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + against data exfiltration.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Vulnerabilities + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Azure + Machine Learning workspaces should use user-assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manange + access to Azure ML workspace and associated resources, Azure Container Registry, + KeyVault, Storage, and App Insights using user-assigned managed identity. + By default, system-assigned managed identity is used by Azure ML workspace + to access the associated resources. User-assigned managed identity allows + you to create the identity as an Azure resource and maintain the life cycle + of that identity. Learn more at https://docs.microsoft.com/azure/machine-learning/how-to-use-managed-identities?tabs=python.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"exists\":false},{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0c7d88-c7de-45b8-ac49-db49e72eaa78\"},{\"properties\":{\"displayName\":\"Vulnerabilities in Azure Container Registry images should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Container image vulnerability assessment scans your registry for security vulnerabilities on each pushed container image and exposes detailed findings for each image (powered by Qualys). Resolving the vulnerabilities can greatly improve your - containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"equals\":\"Healthy\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f18c885-ade3-48c5-80b1-8f9216019c18\"},{\"properties\":{\"displayName\":\"External accounts with read permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with read privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityLinuxAgent\":\"[concat('deployAzureSecurityLinuxAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityLinuxAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityLinuxAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityLinuxAgent\",\"typeHandlerVersion\":\"2.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f8eb305-9c9f-4abe-9bb0-df220d9faba2\"},{\"properties\":{\"displayName\":\"[Deprecated]: Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits Windows virtual machines hosted in Azure that are supported @@ -4062,7 +4574,25 @@ interactions: toLower('microsoft.hybridcompute/machines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), - '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Service + '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Configure + private endpoints for App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints let you connect your virtual network to Azure services without a + public IP address at the source or destination. By mapping private endpoints + to your app configuration instances, data leakage risks are reduced. Learn + more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"configurationStores\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/614ffa75-862c-456e-ad8b-eaa1b0844b07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"614ffa75-862c-456e-ad8b-eaa1b0844b07\"},{\"properties\":{\"displayName\":\"Bot + Service endpoint should be a valid HTTPS URI\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission. Protocols exist that provide encryption + to address problems of misuse and tampering. To ensure your bots are communicating + only over encrypted channels, set the endpoint to a valid HTTPS URI. This + ensures the HTTPS protocol is used to encrypt your data in transit and is + also often a requirement for compliance with regulatory or industry standards. + Please visit: https://docs.microsoft.com/azure/bot-service/bot-builder-security-guidelines.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/endpoint\",\"notLike\":\"https://*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6164527b-e1ee-4882-8673-572f425f5e0a\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the @@ -4106,7 +4636,15 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"WorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Connected workspace IDs\",\"description\":\"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"}}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', - '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Microsoft + '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Modify + Azure SignalR Service resources to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"Audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"value\":\"Deny\"},{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"value\":[]}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62a3ae95-8169-403e-a2d2-b82141448092\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62a3ae95-8169-403e-a2d2-b82141448092\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62b638c5-29d7-404b-8d93-f21e4b1ce198\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4127,12 +4665,13 @@ interactions: if it can't establish a connection.\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsRemoteConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', - '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Audit - Linux machines that are not using SSH key for authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if Non-compliant if - the machine allows passwords for authenticating through SSH\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Authentication + to Linux machines should require SSH keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Although + SSH itself provides an encrypted connection, using passwords with SSH still + leaves the VM vulnerable to brute-force attacks. The most secure option for + authenticating to an Azure Linux virtual machine over SSH is with a public-private + key pair, also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxNoPasswordForSSH\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630c64f9-8b6b-4c64-b511-6544ceff6fd6\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4170,7 +4709,15 @@ interactions: Allowed to format and eject removable media;ExpectedValue\",\"value\":\"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure HDInsight + clusters. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/hdi.cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.keyName\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/64d314f6-6062-4780-a861-c23e8951bee5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"64d314f6-6062-4780-a861-c23e8951bee5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4211,12 +4758,14 @@ interactions: Managed Control 1319 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"66f7ae57-5560-4fc5-85c9-659f204e7a42\"},{\"properties\":{\"displayName\":\"Cognitive - Services accounts should enable data encryption with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed - keys provide enhanced data protection by allowing you to manage your encryption - keys for data stored in Cognitive Services. This is often required to meet - compliance requirements.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cognitive + Services accounts should enable data encryption with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed keys at https://go.microsoft.com/fwlink/?linkid=2121321.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*]\",\"where\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*].name\",\"equals\":\"CustomerManagedKey\"}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67de62b4-a737-4781-8861-3baed3c35069\"},{\"properties\":{\"displayName\":\"Windows @@ -4244,7 +4793,17 @@ interactions: insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), - ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"Microsoft + ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked service resource type should be in allow list\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Define + the allow list of Azure Data Factory linked service types. Restricting allowed + resource types enables control over the boundary of data movement. For example, + restrict a scope to only allow blob storage with Data Lake Storage Gen1 and + Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time + queries.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"allowedLinkedServiceResourceTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed linked service resource types\",\"description\":\"The list of allowed + linked service resource types.\"},\"allowedValues\":[\"AdlsGen2CosmosStructuredStream\",\"AdobeExperiencePlatform\",\"AdobeIntegration\",\"AmazonRedshift\",\"AmazonS3\",\"AzureBlobFS\",\"AzureBlobStorage\",\"AzureDataExplorer\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureDataShare\",\"AzureFileStorage\",\"AzureKeyVault\",\"AzureMariaDB\",\"AzureMySql\",\"AzurePostgreSql\",\"AzureSearch\",\"AzureSqlDatabase\",\"AzureSqlDW\",\"AzureSqlMI\",\"AzureTableStorage\",\"Cassandra\",\"CommonDataServiceForApps\",\"CosmosDb\",\"CosmosDbMongoDbApi\",\"Db2\",\"DynamicsCrm\",\"FileServer\",\"FtpServer\",\"GitHub\",\"GoogleCloudStorage\",\"Hdfs\",\"Hive\",\"HttpServer\",\"Informix\",\"Kusto\",\"MicrosoftAccess\",\"MySql\",\"Netezza\",\"Odata\",\"Odbc\",\"Office365\",\"Oracle\",\"PostgreSql\",\"Salesforce\",\"SalesforceServiceCloud\",\"SapBw\",\"SapHana\",\"SapOpenHub\",\"SapTable\",\"Sftp\",\"SharePointOnlineList\",\"Snowflake\",\"SqlServer\",\"Sybase\",\"Teradata\",\"HDInsightOnDemand\",\"HDInsight\",\"AzureDataLakeAnalytics\",\"AzureBatch\",\"AzureFunction\",\"AzureML\",\"AzureMLService\",\"MongoDb\",\"GoogleBigQuery\",\"Impala\",\"ServiceNow\",\"Dynamics\",\"AzureDatabricks\",\"AmazonMWS\",\"SapCloudForCustomer\",\"SapEcc\",\"Web\",\"MongoDbAtlas\",\"HBase\",\"Spark\",\"Phoenix\",\"PayPal\",\"Marketo\",\"Responsys\",\"SalesforceMarketingCloud\",\"Presto\",\"Square\",\"Xero\",\"Jira\",\"Magento\",\"Shopify\",\"Concur\",\"Hubspot\",\"Zoho\",\"Eloqua\",\"QuickBooks\",\"Couchbase\",\"Drill\",\"Greenplum\",\"MariaDB\",\"Vertica\",\"MongoDbV2\",\"OracleServiceCloud\",\"GoogleAdWords\",\"RestService\",\"DynamicsAX\",\"AzureDataCatalog\",\"AzureDatabricksDeltaLake\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"notIn\":\"[parameters('allowedLinkedServiceResourceTypes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6809a3d0-d354-42fb-b955-783d207c62a8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -4363,9 +4922,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"},{\"properties\":{\"displayName\":\"Deprecated accounts should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are - accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Service Bus to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when any Service Bus which is missing this diagnostic settings is created @@ -4386,16 +4945,51 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationalLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1031 - Separation Of Duties\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Not - allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This - policy enables you to specify the resource types that your organization cannot - deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Vulnerabilities + on your SQL servers on machine should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + Vulnerability Assessment scans your database for security vulnerabilities, + and exposes any deviations from best practices such as misconfigurations, + excessive permissions, and unprotected sensitive data. Resolving the vulnerabilities + found can greatly improve your database security posture.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f97aa83c-9b63-4f9a-99f6-b22c4398f936\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\"},{\"properties\":{\"displayName\":\"Not + allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict + which resource types can be deployed in your environment. Limiting resource + types can reduce the complexity and attack surface of your environment while + also helping to manage costs. Compliance results are only shown for non-compliant + resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of resource types that cannot be deployed.\",\"displayName\":\"Not allowed - resource types\",\"strongType\":\"resourceTypes\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft + resource types\",\"strongType\":\"resourceTypes\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},{\"value\":\"[field('type')]\",\"exists\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Kubernetes Service to stream resource logs + to a Log Analytics workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKubernetesDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Azure Kubernetes Service should be connected to\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AllMetrics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-apiserver\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-apiserver + - Enabled\",\"description\":\"Whether to stream kube-apiserver logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit + - Enabled\",\"description\":\"Whether to stream kube-audit logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-controller-manager\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-controller-manager + - Enabled\",\"description\":\"Whether to stream kube-controller-manager logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-scheduler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-scheduler + - Enabled\",\"description\":\"Whether to stream kube-scheduler logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"cluster-autoscaler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"cluster-autoscaler + - Enabled\",\"description\":\"Whether to stream cluster-autoscaler logs to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit-admin\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit-admin + - Enabled\",\"description\":\"Whether to stream kube-audit-admin logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"guard\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"guard + - Enabled\",\"description\":\"Whether to stream guard logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AllMetrics\":{\"type\":\"string\"},\"kube-apiserver\":{\"type\":\"string\"},\"kube-audit\":{\"type\":\"string\"},\"kube-controller-manager\":{\"type\":\"string\"},\"kube-scheduler\":{\"type\":\"string\"},\"cluster-autoscaler\":{\"type\":\"string\"},\"kube-audit-admin\":{\"type\":\"string\"},\"guard\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.ContainerService/managedClusters/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetrics')]\"}],\"logs\":[{\"category\":\"kube-apiserver\",\"enabled\":\"[parameters('kube-apiserver')]\"},{\"category\":\"kube-audit\",\"enabled\":\"[parameters('kube-audit')]\"},{\"category\":\"kube-controller-manager\",\"enabled\":\"[parameters('kube-controller-manager')]\"},{\"category\":\"kube-scheduler\",\"enabled\":\"[parameters('kube-scheduler')]\"},{\"category\":\"cluster-autoscaler\",\"enabled\":\"[parameters('cluster-autoscaler')]\"},{\"category\":\"kube-audit-admin\",\"enabled\":\"[parameters('kube-audit-admin')]\"},{\"category\":\"guard\",\"enabled\":\"[parameters('guard')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"guard\":{\"value\":\"[parameters('guard')]\"},\"AllMetrics\":{\"value\":\"[parameters('AllMetrics')]\"},\"kube-apiserver\":{\"value\":\"[parameters('kube-apiserver')]\"},\"kube-audit\":{\"value\":\"[parameters('kube-audit')]\"},\"kube-scheduler\":{\"value\":\"[parameters('kube-scheduler')]\"},\"kube-controller-manager\":{\"value\":\"[parameters('kube-controller-manager')]\"},\"cluster-autoscaler\":{\"value\":\"[parameters('cluster-autoscaler')]\"},\"kube-audit-admin\":{\"value\":\"[parameters('kube-audit-admin')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c66c325-74c8-42fd-a286-a74b0e2939d8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -4424,17 +5018,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dab4254-c30d-4bb7-ae99-1d21586c063c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1651 - Mobile Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Enable + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts with private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. You + need private DNS zone properly configured to connect to Azure Automation account + via Azure Private Link. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint group id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"automationAccounts-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dd01e4f-1be1-4e80-9d0b-d109e04cb064\"},{\"properties\":{\"displayName\":\"Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace.\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using ASC default workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6df2fee6-a9ed-4fef-bced-e13be1b25f1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6df2fee6-a9ed-4fef-bced-e13be1b25f1c\"},{\"properties\":{\"displayName\":\"Email - notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the security contact, in order to have them receive - security alert emails from Microsoft. This ensures that the right people are - aware of any potential security issues and are able to mitigate the risks\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertNotifications\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e2593d9-add6-4083-9c9b-4b7d2188c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1586 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -4448,20 +5051,58 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"},{\"properties\":{\"displayName\":\"Storage account should use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private links enforce secure communication, by providing private connectivity to the - storage account\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft + storage account\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1460 - Access Control For Output Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1320 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Storage - account should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure - your storage account with greater flexibility using customer-managed keys - (CMKs). When you specify a CMK, that key is used to protect and control access - to the key that encrypts your data. Using CMKs provides additional capabilities - to control rotation of the key encryption key or cryptographically erase data.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for storage accounts to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for storage accounts to stream resource logs to a + Log Analytics workspace when any storage account which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"category\":\"Storage\",\"version\":\"1.1.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"storageAccountsDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the storage account should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"StorageDelete\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageDelete + - Enabled\",\"description\":\"Whether to stream StorageDelete logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageWrite\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageWrite + - Enabled\",\"description\":\"Whether to stream StorageWrite logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageRead\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageRead + - Enabled\",\"description\":\"Whether to stream StorageRead logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Transaction\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Transaction + - Enabled\",\"description\":\"Whether to stream Transaction logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Transaction\":{\"type\":\"string\"},\"StorageRead\":{\"type\":\"string\"},\"StorageWrite\":{\"type\":\"string\"},\"StorageDelete\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.storage/storageAccounts/blobServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/fileServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/tableServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/queueServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"Transaction\":{\"value\":\"[parameters('Transaction')]\"},\"StorageDelete\":{\"value\":\"[parameters('StorageDelete')]\"},\"StorageWrite\":{\"value\":\"[parameters('StorageWrite')]\"},\"StorageRead\":{\"value\":\"[parameters('StorageRead')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f8f98a4-f108-47cb-8e98-91a0d85cd474\"},{\"properties\":{\"displayName\":\"Storage + accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Workbooks + should be saved to storage accounts that you control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + bring your own storage (BYOS), your workbooks are uploaded into a storage + account that you control. That means you control the encryption-at-rest policy, + the lifetime management policy, and network access. You will, however, be + responsible for the costs associated with that storage account. For more information, + visit https://aka.ms/workbooksByos\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Audit, + Deny, or Disable the execution of this policy\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"microsoft.insights/workbooks\"},{\"field\":\"microsoft.insights/workbooks/storageUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fc8115b-2008-441f-8c61-9b722c1e537f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fc8115b-2008-441f-8c61-9b722c1e537f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/topics/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"topic\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -4478,14 +5119,22 @@ interactions: or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"[Deprecated]: + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"OS + and data disks should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your managed disks. By default, the data is encrypted at rest with platform-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"value\":\"[length(field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"true\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]'))]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"anyOf\":[{\"count\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]\",\"where\":{\"value\":\"[length(current('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"exists\":\"true\"}}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"702dd420-7fcc-42c5-afe8-4026edd20fe0\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. @@ -4676,13 +5325,13 @@ interactions: or to include additional functionality. Using the latest Python version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this - policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7238174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws @@ -4693,7 +5342,15 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Preview]: + Windows machines should meet requirements of the Azure Security Center baseline\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires + that prerequisites are deployed to the policy assignment scope. For details, + visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not + configured correctly for one of the recommendations in the Azure Security + Center baseline.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureWindowsBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Include Arc connected servers\",\"description\":\"By selecting this option, + you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureWindowsBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -4720,7 +5377,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"726aca4c-86e9-4b04-b0c5-073027359532\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoints can be configured to connect privately to an Azure Synapse workspace. - This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"count\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72d11df1-dd8a-41f7-8925-b05b960ebafc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72d11df1-dd8a-41f7-8925-b05b960ebafc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1524 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -4731,7 +5388,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"731856d8-1598-4b75-92de-7d46235747c0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Configure + App Configuration to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for App Configuration so that it isn't accessible over + the public internet. This configuration helps protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73290fa2-dfa7-4bbb-945d-a5e23b75df2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73290fa2-dfa7-4bbb-945d-a5e23b75df2c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1456 - Physical Access Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"},{\"properties\":{\"displayName\":\"Deploy @@ -4740,7 +5405,7 @@ interactions: workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation - task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow automation is created. If you enter a name for a resource group that doesn't @@ -4750,8 +5415,7 @@ interactions: IDs\",\"description\":\"For all recommendations, leave empty. For specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/en-us/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"recommendationStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation states\",\"description\":\"Determines recommendation states. Recommendations @@ -4760,13 +5424,14 @@ interactions: detects it as healthy. A recommendation is not-applicable if, for example, it was disabled in the Security Policy. Example: Healthy;Unhealthy;Not Applicable;\"},\"allowedValues\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"],\"defaultValue\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Recommendation is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Recommendation is - created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(if(equals(length(parameters('recommendationNames')),0),array('Microsoft.Security/assessments'),parameters('recommendationNames')),parameters('recommendationSeverities'),if(contains(parameters('recommendationStates'),'Not + Applicable'),union(parameters('recommendationStates'), array('notapplicable')),parameters('recommendationStates')))]\"},{\"count\":{\"value\":\"[parameters('recommendationSeverities')]\",\"name\":\"recommendationSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.metadata.severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationSeverity')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationSeverities'))]\"},{\"count\":{\"value\":\"[parameters('recommendationStates')]\",\"name\":\"recommendationState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.status.code\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[replace(current('recommendationState'), + ' ','')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationSeverities')))]\"}},\"equals\":\"[length(parameters('recommendationStates'))]\"},{\"count\":{\"value\":\"[parameters('recommendationNames')]\",\"name\":\"recommendationName\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"name\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationName')]\"}]}},\"equals\":\"[mul(length(parameters('recommendationSeverities')),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationNames'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"recommendationStatesLength\":\"[length(parameters('recommendationStates'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"recommendationStatesLengthIfEmpty\":\"[if(equals(variables('recommendationStatesLength'), @@ -4783,15 +5448,25 @@ interactions: variables('totalRuleCombinationsForOneRecommendationName')), variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationSeverity')), variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"},{\"propertyJPath\":\"properties.status.code\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('stateMap')[parameters('recommendationStates')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationState')), variables('recommendationStatesLength'))]]]\",\"operator\":\"Contains\"}]}}]}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), - '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"Microsoft + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"API + Management service should use a SKU that supports virtual networks\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of API Management, deploying service into a virtual network + unlocks advanced API Management networking and security features which provides + you greater control over your network security configuration. Learn more at: + https://aka.ms/apimvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + list of SKUs that can be specified for Azure API Management service.\",\"displayName\":\"Allowed + SKUs\"},\"allowedValues\":[\"Developer\",\"Basic\",\"Standard\",\"Premium\",\"Isolated\",\"Consumption\"],\"defaultValue\":[\"Developer\",\"Premium\",\"Isolated\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ApiManagement/service\"},{\"not\":{\"field\":\"Microsoft.ApiManagement/service/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73ef9241-5d81-4cd4-b483-8443d1730fe5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1581 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"},{\"properties\":{\"displayName\":\"Allowed storage account SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of storage account SKUs that your organization - can deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + can deploy.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of SKUs that can be specified for storage accounts.\",\"displayName\":\"Allowed - SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft + SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"},{\"properties\":{\"displayName\":\"Ensure @@ -4800,14 +5475,19 @@ interactions: or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Microsoft + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Batch accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access on a Batch account improves security by ensuring your + Batch account can only be accessed from a private endpoint. Learn more about + disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c5a0ae-5e48-4738-b093-65e23a060488\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -4823,7 +5503,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75603f96-80a1-4757-991d-5a1221765ddd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Private + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Configure + Azure Migrate resources to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Migrate + project. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Migrate\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"Default\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/assessmentProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/migrateProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.OffAzure/masterSites\"}]}]}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"default-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7590a335-57cf-4c95-babd-ecbc8fafeb1f\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MySQL. Configure a private endpoint connection to enable @@ -4832,12 +5520,12 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7595c971-233d-4bcf-bd18-596129188c49\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"Vulnerabilities - should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without - a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy + a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy Dependency agent for Linux virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale @@ -4850,7 +5538,8 @@ interactions: extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure SQL Database should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity - to Azure SQL Database.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft + to Azure SQL Database.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -4872,7 +5561,12 @@ interactions: policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"Virtual + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory should use a Git repository for source control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + source control on data factories, to gain capabilities such as change tracking, + collaboration, continuous integration, and deployment.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"exists\":\"false\"},{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77d40665-3120-4348-b539-3192ec808307\"},{\"properties\":{\"displayName\":\"Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet @@ -4882,7 +5576,13 @@ interactions: Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"AuditIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"equals\":\"[parameters('subnetId')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77e8b146-0078-4fb2-b002-e112381199f0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your Azure Cache for Redis instances, data leakage risks are reduced. Learn + more at: https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Cache/redis/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Cache/redis/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7803067c-7d34-46e3-8c79-0ca68fc4036d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1258 - Contingency Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7814506c-382c-4d33-a142-249dd4a0dbff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4895,7 +5595,16 @@ interactions: Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + Azure Machine Learning workspace, you can reduce data leakage risks. Learn + more about private links at: https://docs.microsoft.com/azure/machine-learning/how-to-configure-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"amlworkspace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7838fd83-5cbb-4b5d-888c-bfa240972597\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7838fd83-5cbb-4b5d-888c-bfa240972597\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1010 - Account Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"784663a8-1eb0-418a-a98c-24d19bc1bb62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4908,7 +5617,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1647 - Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Azure + Cosmos DB should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your CosmosDB account + isn't exposed on the public internet. Creating private endpoints can limit + exposure of your CosmosDB account. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"797b37f7-06b8-444c-b1ad-fc62867f335a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1510 - Position Risk Designation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"79da5b09-0e7e-499e-adda-141b069c7998\"},{\"properties\":{\"displayName\":\"Microsoft @@ -4947,7 +5662,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1289 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Configure + private DNS zones for private endpoints connected to App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve app configuration + instances. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"configurationStores\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-azconfig-io\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a860e27-9ca2-4fc6-822d-c2d248c300df\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1687 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"},{\"properties\":{\"displayName\":\"Allow @@ -4961,16 +5685,22 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ac22808-a2e8-41c4-9d46-429b50738914\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1492 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Azure + Attestation providers should use private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints provide a way to connect Azure Attestation providers to your Azure + resources without sending traffic over the public internet. By preventing + public access, private endpoints help protect against undesired anonymous + access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Attestation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Attestation/attestationProviders\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b256a2d-058b-41f8-bed9-3f870541c40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b256a2d-058b-41f8-bed9-3f870541c40a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Resource logs in Virtual Machine Scale Sets should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It is recommended to enable Logs so that activity trail can be recreated when - investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"includeAKSClusters\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include - AKS Clusters\",\"description\":\"Whether to include AKS Clusters to Diagnostic + AKS Clusters\",\"description\":\"Whether to include AKS Clusters to resource logs extension - True or False\"},\"defaultValue\":false}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":true}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":false},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notEquals\":\"microsoft-aks\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notEquals\":\"aks\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"aks*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"IaaSDiagnostics\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Diagnostics\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"LinuxDiagnostic\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"in\":[\"Microsoft.OSTCExtensions\",\"Microsoft.Azure.Diagnostics\"]}]}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7c1b1214-f927-48bf-8882-84f0af6588b1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require blob encryption for storage accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures blob encryption for storage accounts is turned on. It only @@ -4987,9 +5717,12 @@ interactions: implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"},{\"properties\":{\"displayName\":\"Azure Cache for Redis should reside within a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure - Cache for Redis has the ability to reside within a virtual network, which - is a way for the resource to have a non-public endpoint controlled and managed - by the user.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},{\"field\":\"Microsoft.Cache/Redis/subnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d092e0a-7acd-40d2-a975-dca21cae48c4\"},{\"properties\":{\"displayName\":\"Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encrypting @@ -4998,7 +5731,15 @@ interactions: and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Microsoft + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Service + Bus namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d890f7f-100c-473d-baa1-2777e2266535\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d890f7f-100c-473d-baa1-2777e2266535\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -5025,7 +5766,18 @@ interactions: auditing Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure SQL Database server to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure SQL Database server to stream resource logs + to a Log Analytics workspace when any SQL Server which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"logAnalyticsWorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the server should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"logAnalyticsWorkspaceId\":{\"type\":\"string\"}},\"variables\":{\"diagnosticSettingsName\":\"SQLSecurityAuditEvents_3d229c42-c7e7-4c97-9a99-ec0d0d8b86c1\"},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"name\":\"[concat(parameters('serverName'),'/master/microsoft.insights/',variables('diagnosticSettingsName'))]\",\"apiVersion\":\"2017-05-01-preview\",\"properties\":{\"name\":\"[variables('diagnosticSettingsName')]\",\"workspaceId\":\"[parameters('logAnalyticsWorkspaceId')]\",\"logs\":[{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":true,\"retentionPolicy\":{\"days\":0,\"enabled\":false}}]}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"dependsOn\":[\"[concat('Microsoft.Sql/servers/', + parameters('serverName'),'/databases/master/providers/microsoft.insights/diagnosticSettings/', + variables('diagnosticSettingsName'))]\"],\"properties\":{\"state\":\"Enabled\",\"isAzureMonitorTargetEnabled\":true}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"logAnalyticsWorkspaceId\":{\"value\":\"[parameters('logAnalyticsWorkspaceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ea8a143-05e3-4553-abfe-f56bef8b0b70\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ea8a143-05e3-4553-abfe-f56bef8b0b70\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -5371,28 +6123,27 @@ interactions: subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]\"}}],\"outputs\":{\"status\":{\"type\":\"string\",\"value\":\"[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', - variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Diagnostic + variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Resource logs in Event Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Event + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Event Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network interfaces should not have public IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\"notLike\":\"*\"}}]},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a86a26-fd1f-447c-b59d-e51f44264114\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - MySQL database servers enables implementing a separation of duties in the - management of keys and data. When you configure a customer-managed key, the - key is used to protect and control access to the key that encrypts your data. - You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83cef61d-dbd1-4b20-a4fc-5fbc7da10833\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1382 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -5552,7 +6303,21 @@ interactions: Managed Control 1348 - Identification And Authentication (Non-Org. Users) | Acceptance Of Third-Party Credentials\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your IoT Hub device provisioning instance so that + it's not accessible over the public internet. This can reduce data leakage + risks. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/859dfc91-ea35-43a6-8256-31271c363794\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"859dfc91-ea35-43a6-8256-31271c363794\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory integration runtime should have a limit for number of cores\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + manage your resources and costs, limit the number of cores for an integration + runtime.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"maxCores\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed max number of cores\",\"description\":\"The max number of cores allowed + for dataflow.\"},\"defaultValue\":32}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"greater\":\"[parameters('maxCores')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/85bb39b5-2f66-49f8-9306-77da3ac5130f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"85bb39b5-2f66-49f8-9306-77da3ac5130f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -5560,11 +6325,11 @@ interactions: Managed Control 1326 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit - or deny resources that do not have any IP rules configured and allow all networks - by default. Accounts that have at least one IP rule defined with the virtual - network filter enabled are deemed compliant. Accounts disabling public access - are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Firewall + rules should be defined on your Azure Cosmos DB accounts to prevent traffic + from unauthorized sources. Accounts that have at least one IP rule defined + with the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"equals\":\"Enabled\"}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"equals\":\"false\"},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules[*]\"},\"equals\":0}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"equals\":\"\"}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options @@ -5588,9 +6353,9 @@ interactions: '/current')]\",\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\",\"apiVersion\":\"2014-04-01\",\"properties\":{\"status\":\"Enabled\"}}]},\"parameters\":{\"fullDbName\":{\"value\":\"[field('fullName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\"},{\"properties\":{\"displayName\":\"System updates should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Missing security system updates on your servers will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c0f5316d-5ac5-9218-b77a-b96e16ccfd66\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"4ab6e3c5-74dd-8b35-9ab9-f61b30875b27\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -5728,13 +6493,29 @@ interactions: Managed Control 1215 - Least Functionality\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"},{\"properties\":{\"displayName\":\"SQL - servers should be configured with auditing retention days greater than 90 - days.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - SQL servers configured with an auditing retention period of less than 90 days.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + servers should be configured with 90 days auditing retention or higher\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + servers should be configured with 90 days auditing retention or higher.\",\"metadata\":{\"version\":\"2.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89099bee-89e0-4b26-a5f4-165451757743\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid domains to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898e9824-104c-4965-8e0e-5197588fa5d4\"},{\"properties\":{\"displayName\":\"App + Configuration should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"When + using a supported SKU, Azure Private Link lets you connect your virtual network + to Azure services without a public IP address at the source or destination. + The private link platform handles the connectivity between the consumer and + services over the Azure backbone network. By mapping private endpoints to + your app configuration instances instead of the entire service, you'll also + be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/sku.name\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89c8a434-18f0-402c-8147-630a8dea54e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89c8a434-18f0-402c-8147-630a8dea54e0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a29d47b-8604-4667-84ef-90d203fcb305\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -5745,7 +6526,13 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should deploy into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + communication between your containers with Azure Virtual Networks. When you + specify a virtual network, resources within the virtual network can securely + and privately communicate with each other.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"field\":\"Microsoft.ContainerInstance/containerGroups/networkProfile.id\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8af8f826-edcb-4178-b35f-851ea6fea615\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs with a pending reboot\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -5857,7 +6644,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom - workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Microsoft + workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to enable private endpoint connections\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint connection enables private connectivity to your Azure SQL + Database via a private IP address inside a virtual network. This configuration + improves your security posture and supports Azure networking tools and scenarios.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Subnet + to use for Private Endpoints\",\"description\":\"The name of the subnet within + the virtual network that you would like to use for your Private Endpoint Connection + deployment\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].id\",\"exists\":\"false\"}},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/privateEndpointConnections\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"subnetlocation\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"name\":\"[variables('privateEndpointName')]\",\"location\":\"[parameters('subnetlocation')]\",\"properties\":{\"privateLinkServiceConnections\":[{\"name\":\"[parameters('name')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"sqlServer\"],\"privateLinkServiceConnectionState\":{\"status\":\"Approved\",\"description\":\"Auto-approved\",\"actionsRequired\":\"None\"}}}],\"manualPrivateLinkServiceConnections\":[],\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"customDnsConfigs\":[]}}]},\"parameters\":{\"name\":{\"value\":\"[parameters('name')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"subnetlocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e8ca470-d980-4831-99e6-dc70d9f6af87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e8ca470-d980-4831-99e6-dc70d9f6af87\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1517 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8f5ad423-50d6-4617-b058-69908f5586c9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -6080,21 +6875,37 @@ interactions: Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Event + Hub namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91678b7c-d721-4fc5-b179-3cdf74e96b1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91678b7c-d721-4fc5-b179-3cdf74e96b1c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Resource + logs in App Services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + enabling of resource logs on the app. This enables you to recreate activity + trails for investigation purposes if a security incident occurs or your network + is compromised.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91a78b24-f231-4a8a-8da9-02c35b2b6510\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"Deploy + Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Dependency agent to Windows Azure Arc machines if the agent - isn't installed.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\",\"resources\":[{\"type\":\"extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[variables('DaExtensionName')]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[\"[concat('Microsoft.HybridCompute/machines/', - parameters('vmName'))]\"],\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}]}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + isn't installed.\",\"metadata\":{\"version\":\"1.2.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[concat(parameters('vmName'), + '/', variables('DaExtensionName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -6102,9 +6913,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"},{\"properties\":{\"displayName\":\"MFA should be enabled accounts with write permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1290 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -6182,10 +6993,29 @@ interactions: Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault to stream resource logs to a Log + Analytics workspace when any Key Vault which is missing this diagnostic settings + is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKeyVaultDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Key Vault should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AuditEventEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AuditEvent + - Enabled\",\"description\":\"Whether to stream AuditEvent logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AllMetricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AuditEventEnabled\":{\"type\":\"string\"},\"AllMetricsEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('AuditEventEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"AuditEventEnabled\":{\"value\":\"[parameters('AllMetricsEnabled')]\"},\"AllMetricsEnabled\":{\"value\":\"[parameters('AuditEventEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/951af2fa-529b-416e-ab6e-066fd85ac459\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"951af2fa-529b-416e-ab6e-066fd85ac459\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1526 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Authentication + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Automation + accounts should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your Automation + account resources by creating private endpoints instead. Learn more at: https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"955a914f-bf86-4f0e-acd5-e0766b0efcb6\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your web app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they @@ -6252,7 +7082,15 @@ interactions: Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},{\"field\":\"[concat('tags[', parameters('tagName'), ']')]\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f\"],\"operations\":[{\"operation\":\"add\",\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"HPC + Cache accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure HPC Cache with customer-managed keys. By default, + customer data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageCache/caches\"},{\"field\":\"Microsoft.StorageCache/caches/encryptionSettings.keyEncryptionKey.keyUrl\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/970f84d8-71b6-4091-9979-ace7e3fb6dbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"970f84d8-71b6-4091-9979-ace7e3fb6dbb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - MSS (Legacy)'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -6304,11 +7142,13 @@ interactions: Managed Control 1378 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"97fceb70-6983-42d0-9331-18ad8253184d\"},{\"properties\":{\"displayName\":\"Azure - Event Grid domains should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid domains that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid domains should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid domain instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"count\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9830b652-8523-49cc-b1b3-e17dce1127ca\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation only in United States data centers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows @@ -6392,7 +7232,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Azure + Batch account should use customer-managed keys to encrypt data\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Batch account's + data. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/Batch-CMK.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -6439,7 +7287,16 @@ interactions: IaaSAntimalware extension should be deployed on Windows servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to IoT + Hub device provisioning service, you can reduce data leakage risks. Learn + more about private links at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/provisioningServices\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"greaterOrEquals\":1},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotDps\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b75ea5b-c796-4c99-aaaf-21c204daac43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b75ea5b-c796-4c99-aaaf-21c204daac43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1236 - Software Usage Restrictions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"},{\"properties\":{\"displayName\":\"Microsoft @@ -6456,7 +7313,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c284fc0-268a-4f29-af44-3c126674edb4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1135 - Non-Repudiation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cognitive Search service so that it is + not accessible over the public internet. This can reduce data leakage risks. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9cee519f-d9c1-4fd9-9f79-24ec3449ed30\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1489 - Location Of Information System Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9d0a794f-1444-4c96-9534-e35fc8c39c91\"},{\"properties\":{\"displayName\":\"Ensure @@ -6499,8 +7361,8 @@ interactions: Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your - resources.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application + resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application definition for Managed Application should use customer provided storage account\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use your own storage account to control the application definition data when this is a regulatory or compliance requirement. You can choose to store your managed @@ -6553,7 +7415,17 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Configure + Storage account to use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + storage account, you can reduce data leakage risks. Learn more about private + links at - https://aka.ms/azureprivatelinkoverview\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"The subnetId that private endpoint + connections should link to\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Type of sub-resource for the resource selected + above, that your private endpoint will be able to access\"},\"allowedValues\":[\"blob\",\"blob_secondary\",\"table\",\"table_secondary\",\"queue\",\"queue_secondary\",\"file\",\"web\",\"web_secondary\",\"dfs\",\"dfs_secondary\"],\"defaultValue\":\"blob\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"kind\",\"in\":[\"StorageV2\",\"BlobStorage\",\"BlockBlobStorage\",\"FileStorage\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":\"[array(parameters('targetSubResource'))]\",\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f766f00-8d11-464e-80e1-4091d7874074\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f766f00-8d11-464e-80e1-4091d7874074\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1354 - Incident Response Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9fd92c17-163a-4511-bb96-bbb476449796\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -6564,7 +7436,15 @@ interactions: auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search service should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of Azure Cognitive Search, Azure Private Link lets you connect + your virtual network to Azure services without a public IP address at the + source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your Search service, data leakage risks are reduced. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or Deny the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/sku.name\",\"equals\":\"free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a049bf77-880b-470f-ba6d-9f21c530cf83\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1145 - Security Assessments\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a0724970-9c75-4a64-a225-a28002953f28\"},{\"properties\":{\"displayName\":\"Allowed @@ -6597,7 +7477,16 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces/authorizationRules\"},{\"field\":\"name\",\"notEquals\":\"RootManageSharedAccessKey\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1817ec0-a368-432a-8057-8371e17ac6ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Event Hubs supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Event Hub will use to encrypt data in your namespace. Note that Event + Hub only supports encryption with customer-managed keys for namespaces in + dedicated clusters.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},{\"field\":\"Microsoft.EventHub/namespaces/clusterArmId\",\"exists\":\"true\"},{\"not\":{\"field\":\"Microsoft.EventHub/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -6649,7 +7538,15 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Resource + logs in Azure Key Vault Managed HSM should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + recreate activity trails for investigation purposes when a security incident + occurs or when your network is compromised, you may want to audit by enabling + resource logs on Managed HSMs. Please follow the instructions here: https://docs.microsoft.com/azure/key-vault/managed-hsm/logging.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2a5b911-5617-447e-a49e-59dbe0e0434b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2c66299-9017-4d95-8040-8bdbf7901d52\"},{\"properties\":{\"displayName\":\"Microsoft @@ -6669,13 +7566,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1238 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Log + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Configure + Container registries to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Container Registry resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at https://aka.ms/acr/portal/public-network and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3701552-92ea-433e-9d17-33b7f1208fc9\"},{\"properties\":{\"displayName\":\"Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Security Center collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux Azure Monitor agent to enable Azure Monitor assignments + on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux Azure Monitor agent to Linux virtual machines hosted in Azure that are + supported by Azure Monitor. Azure Monitor agent collects events from the virtual + machine that can be used to provide recommendations. Target virtual machines + must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorLinuxAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorLinuxAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorLinuxAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4034bc6-ae50-406d-bf76-50f4ee5a7811\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a450eba6-2efc-4a00-846a-5804a93c6b77\"},{\"properties\":{\"displayName\":\"Audit @@ -6698,10 +7608,83 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"d1db3318-01ff-16de-29eb-28b344515626\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4fe33eb-e377-4efb-ab31-0784311bc499\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1617 - Application Partitioning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Auditing + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to CosmosDB account. + Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Dns Zone Id\",\"description\":\"The private DNS zone to deploy in a new private + DNS zone group and link to the private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Endpoint Group Id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"cosmosDB-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a63cc0bd-cda4-4178-b705-37dc439d3e0f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to an Event Hub to be enabled on Azure Key + Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Event Hub when any Azure Key Vault Managed HSM which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy\"},\"eventHubRuleId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Authorization Rule Id\",\"description\":\"The Event Hub authorization + rule Id for Azure Diagnostics. The authorization rule needs to be at Event + Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource + group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization + rule}\",\"strongType\":\"Microsoft.EventHub/Namespaces/AuthorizationRules\",\"assignPermissions\":true}},\"eventHubLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Location\",\"description\":\"The location the Event Hub resides in. Only + Azure Key Vault Managed HSMs in this location will be linked to this Event + Hub.\",\"strongType\":\"location\"},\"defaultValue\":\"\"},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Event + Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Event Hub - + True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"hsmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('hsmName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + diagnostic settings for ', parameters('hsmName'))]\"}}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"hsmName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6d2c800-5230-4a40-bff3-8268b4987d42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6d2c800-5230-4a40-bff3-8268b4987d42\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using HTTPS secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires HTTPS user and key secrets stored in Key + Vault. For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"httpsUserKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + user name Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS user name.\"},\"defaultValue\":\"\"},\"httpsKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + key Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"httpsUser\":{\"type\":\"securestring\"},\"httpsKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"httpsUser\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsUserKeyVaultSecretName')]\"}},\"httpsKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6f560f4-f582-4b67-b123-a37dcd1bf7ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6f560f4-f582-4b67-b123-a37dcd1bf7ea\"},{\"properties\":{\"displayName\":\"Auditing on SQL server should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing on your SQL Server should be enabled to track database activities across all - databases on the server, except Synapse, and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + databases on the server and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"},{\"properties\":{\"displayName\":\"The Log Analytics agent should be installed on virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -6719,9 +7702,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"},{\"properties\":{\"displayName\":\"Azure DDoS Protection Standard should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"DDoS protection standard should be enabled for all virtual networks with a subnet - that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1570 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7fcf38d-bb09-4600-be7d-825046eb162a\"},{\"properties\":{\"displayName\":\"Require @@ -6786,8 +7769,11 @@ interactions: implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a96f743d-a195-420d-983a-08aa06bc441e\"},{\"properties\":{\"displayName\":\"SQL Managed Instances should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Managed - Instances should avoid using GRS storage for backups if data residency rules - require data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Instances should avoid using the default geo-redundant storage for backups, + if data residency rules require data to stay within a specific region. Note: + Azure Policy is not enforced when creating a database using T-SQL. If not + explicitly specified, database with geo-redundant backup storage is created + via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9934fd7-29f2-4e6d-ab3d-607ea38e9079\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9934fd7-29f2-4e6d-ab3d-607ea38e9079\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -6810,15 +7796,24 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9eae324-d327-4539-9293-b48e122465f8\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with owner permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy is a duplicate of the respective Managed Identity policies. Please use /providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332 instead.\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"App Service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Microsoft + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning instances to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to an IoT Hub device + provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotDps\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices-provisioning.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1539 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aabb155f-e7a5-4896-a767-e918bfae2ee0\"},{\"properties\":{\"displayName\":\"Microsoft @@ -6860,7 +7855,77 @@ interactions: relevant non-compliant assignment and create a remediation task.\\nRepeat this step when you have one or more new subscriptions you want to monitor with Security Center.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Microsoft + Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Deploy + - Configure disaster recovery on virtual machines by enabling replication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual + machines without disaster recovery configurations are vulnerable to outages + and other disruptions. If the virtual machine does not already have disaster + recovery configured, this would initiate the same by enabling replication + using preset configurations to facilitate business continuity. To learn more + about disaster recovery, visit https://aka.ms/asr-doc.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Compute\"},\"parameters\":{\"sourceRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Source + Region\",\"description\":\"Region in which the virtual machine is originally + deployed\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Region\",\"description\":\"Region to be used to deploy the virtual machine + in case of a natural disaster\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Resource Group\",\"description\":\"Resource group to be used to create the + virtual machine in the target region\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Vault + Resource Group\",\"description\":\"The resource group containing the recovery + services vault used for disaster recovery configurations\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Services Vault\",\"description\":\"ID of the recovery services vault to be + used for disaster recovery configurations\",\"strongType\":\"Microsoft.RecoveryServices/vaults\",\"serviceName\":\"ASR\"}},\"recoveryNetworkId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Virtual Network\",\"description\":\"Existing Recovery Virtual Network ID or + name of the Virtual Network to be created in Target Region\",\"strongType\":\"Microsoft.Network/virtualNetworks\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"targetZone\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Availability Zone\",\"description\":\"Availability zone in the designated + target region to be used by virtual machines during disaster\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"equals\":\"[parameters('sourceRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.vhd.uri\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings\",\"exists\":\"false\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"location\",\"equals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones[*]\",\"notEquals\":\"[parameters('targetZone')]\"}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"value\":\"[length(parameters('targetZone'))]\",\"greater\":0}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"false\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Resources/links\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"ASR-Protect-*\"},{\"field\":\"Microsoft.Resources/links/targetId\",\"contains\":\"/replicationProtectedItems/\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"apiVersion\":{\"type\":\"String\"},\"avSetId\":{\"type\":\"String\"},\"dataDiskIds\":{\"type\":\"object\"},\"osDiskId\":{\"type\":\"String\"},\"ppgId\":{\"type\":\"String\"},\"recoveryNetworkId\":{\"type\":\"String\"},\"recoverySubscriptionId\":{\"type\":\"String\"},\"sourceRegion\":{\"type\":\"String\"},\"sourceResourceGroupName\":{\"type\":\"String\"},\"targetRegion\":{\"type\":\"String\"},\"targetResourceGroupName\":{\"type\":\"String\"},\"targetZone\":{\"type\":\"String\"},\"vaultName\":{\"type\":\"String\"},\"vaultResourceGroupName\":{\"type\":\"String\"},\"vmId\":{\"type\":\"String\"},\"vmZones\":{\"type\":\"Object\"}},\"variables\":{\"avSetApiVersion\":\"2019-03-01\",\"deploymentApiVersion\":\"2017-05-10\",\"vmApiVersion\":\"2019-07-01\",\"ppgApiVersion\":\"2019-12-01\",\"portalLinkPrefix\":\"https://portal.azure.com/#@microsoft.onmicrosoft.com/resource\",\"schemaLink\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"defaultAvSet\":\"defaultAvSet-asr\",\"defaultPPG\":\"defaultPPG-asr\",\"eligibilityResultsDefault\":\"default\",\"protectedItemSuffix\":\"-policy\",\"recoveryAvSetPrefix\":\"RecoveryAvSet-\",\"recoveryPPGPrefix\":\"RecoveryPPG-\",\"avSetType\":\"Microsoft.Compute/availabilitySets\",\"deploymentType\":\"Microsoft.Resources/deployments\",\"networkType\":\"Microsoft.Network/virtualNetworks\",\"ppgType\":\"Microsoft.Compute/proximityPlacementGroups\",\"replicationEligibilityResultsType\":\"Microsoft.RecoveryServices/replicationEligibilityResults\",\"storageType\":\"Microsoft.Storage/storageAccounts\",\"vaultType\":\"Microsoft.RecoveryServices/vaults\",\"avSetTemplateName\":\"[concat(variables('recoveryAvSetPrefix'), + last(split(parameters('vmId'), '/')))]\",\"avSetTemplateName64\":\"[if(greater(length(variables('avSetTemplateName')), + 64), substring(variables('avSetTemplateName'), 0, 64), variables('avSetTemplateName'))]\",\"ppgTemplateName\":\"[concat(variables('recoveryPPGPrefix'), + last(split(parameters('vmId'), '/')))]\",\"ppgTemplateName64\":\"[if(greater(length(variables('ppgTemplateName')), + 64), substring(variables('ppgTemplateName'), 0, 64), variables('ppgTemplateName'))]\",\"replicationProtectedIntentTemplateName\":\"[concat('ASR-', + parameters('sourceResourceGroupName'), '-', last(split(parameters('vmId'), + '/')))]\",\"replicationProtectedIntentTemplateName64\":\"[if(greater(length(variables('replicationProtectedIntentTemplateName')), + 64), substring(variables('replicationProtectedIntentTemplateName'), 0, 64), + variables('replicationProtectedIntentTemplateName'))]\",\"vmDataDiskIds\":\"[array(parameters('dataDiskIds').rawValue)]\",\"vmDiskCount\":\"[add(length(variables('vmDataDiskIds')), + int(1))]\",\"diskIds\":\"[concat(array(parameters('osDiskId')), array(parameters('dataDiskIds').rawValue))]\",\"vaultId\":\"[resourceId(parameters('vaultResourceGroupName'), + variables('vaultType'), parameters('vaultName'))]\",\"eligibilityResultsId\":\"[extensionResourceId(parameters('vmId'), + variables('replicationEligibilityResultsType'), variables('eligibilityResultsDefault'))]\",\"protectedIntentName\":\"[concat(parameters('vaultName'), + '/', guid(resourceGroup().id, last(split(parameters('vmId'), '/'))), variables('protectedItemSuffix'))]\",\"recoveryAvSetName\":\"[if(empty(parameters('avSetId')), + variables('defaultAvSet'), concat(last(split(parameters('avSetId'), '/')), + '-asr'))]\",\"recoveryAvSetId\":\"[if(empty(parameters('avSetId')), '', resourceId(parameters('targetResourceGroupName'), + variables('avSetType'), variables('recoveryAvSetName')))]\",\"recoveryAvType\":\"[if(not(empty(parameters('avSetId'))), + 'AvailabilitySet', if(greater(length(parameters('vmZones').rawValue), 0), + 'AvailabilityZone', 'Single'))]\",\"recoveryAvZone\":\"[if(greater(length(parameters('vmZones').rawValue), + 0), parameters('targetZone'), '')]\",\"recoveryPPGName\":\"[if(empty(parameters('ppgId')), + variables('defaultPPG'), concat(last(split(parameters('ppgId'), '/')), '-asr'))]\",\"recoveryPPGId\":\"[if(empty(parameters('ppgId')), + '', resourceId(parameters('targetResourceGroupName'), variables('ppgType'), + variables('recoveryPPGName')))]\",\"targetResourceGroupId\":\"[concat('/subscriptions/', + parameters('recoverySubscriptionId'), '/resourceGroups/', parameters('targetResourceGroupName'))]\"},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('ppgTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"type\":\"[variables('ppgType')]\",\"name\":\"[variables('recoveryPPGName')]\",\"apiVersion\":\"[variables('ppgApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"properties\":{\"proximityPlacementGroupType\":\"[if(empty(parameters('ppgId')), + 'Standard', reference(parameters('ppgId'), variables('ppgApiVersion')).proximityPlacementGroupType)]\"}}]},\"parameters\":{}}},{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('avSetTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"type\":\"[variables('avSetType')]\",\"sku\":{\"name\":\"[if(empty(parameters('avSetId')), + 'Aligned', reference(parameters('avSetId'), variables('avSetApiVersion'), + 'Full').sku.name)]\"},\"name\":\"[variables('recoveryAvSetName')]\",\"apiVersion\":\"[variables('avSetApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"tags\":{},\"properties\":{\"platformUpdateDomainCount\":\"[if(empty(parameters('avSetId')), + '5', reference(parameters('avSetId'), variables('avSetApiVersion')).platformUpdateDomainCount)]\",\"platformFaultDomainCount\":\"[if(empty(parameters('avSetId')), + '2', reference(parameters('avSetId'), variables('avSetApiVersion')).platformFaultDomainCount)]\",\"proximityPlacementGroup\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"id\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\"}}]},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\"]},{\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('replicationProtectedIntentTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('vaultResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/replicationProtectionIntents\",\"name\":\"[variables('protectedIntentName')]\",\"apiVersion\":\"[parameters('apiVersion')]\",\"properties\":{\"providerSpecificDetails\":{\"instanceType\":\"A2A\",\"fabricObjectId\":\"[parameters('vmId')]\",\"primaryLocation\":\"[parameters('sourceRegion')]\",\"recoveryLocation\":\"[parameters('targetRegion')]\",\"recoverySubscriptionId\":\"[parameters('recoverySubscriptionId')]\",\"recoveryAvailabilityType\":\"[variables('recoveryAvType')]\",\"recoveryAvailabilityZone\":\"[variables('recoveryAvZone')]\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\",\"recoveryAvailabilitySetCustomInput\":\"[if(empty(parameters('avSetId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryAvailabilitySetId\\\"', ':', '\\\"', variables('recoveryAvSetId'), + '\\\"', '}')))]\",\"recoveryProximityPlacementGroupCustomInput\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryProximityPlacementGroupId\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\",\"recoveryVirtualNetworkCustomInput\":\"[if(contains(parameters('recoveryNetworkId'), + '/'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryVirtualNetworkId\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"New\\\",', + '\\\"recoveryVirtualNetworkName\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')))]\",\"vmDisks\":[],\"copy\":[{\"name\":\"vmManagedDisks\",\"count\":\"[variables('vmDiskCount')]\",\"input\":{\"diskId\":\"[if(equals(copyIndex('vmManagedDisks'), + int(0)), reference(parameters('vmId'), variables('vmApiVersion')).storageProfile.osDisk.managedDisk.Id, + variables('vmDataDiskIds')[sub(copyIndex('vmManagedDisks'), int(1))])]\",\"recoveryResourceGroupCustomInput\":{\"resourceType\":\"Existing\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\"}}}]}}}],\"outputs\":{\"vmName\":{\"value\":\"[last(split(parameters('vmId'), + '/'))]\",\"type\":\"string\"},\"availabilitySetUrl\":{\"value\":\"[if(empty(parameters('avSetId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryAvSetId')))]\",\"type\":\"string\"},\"proximityPlacementGroupUrl\":{\"value\":\"[if(empty(parameters('ppgId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryPPGId')))]\",\"type\":\"string\"},\"replicationEligibilityResults\":{\"value\":\"[reference(variables('eligibilityResultsId'), + parameters('apiVersion'))]\",\"type\":\"Object\"}}},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\",\"[variables('avSetTemplateName64')]\"]}],\"outputs\":{}},\"parameters\":{\"apiVersion\":{\"value\":\"2018-07-10\"},\"avSetId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/availabilitySet.id')]\"},\"dataDiskIds\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\"emptyArray\":[]}},\"osDiskId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"},\"ppgId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/proximityPlacementGroup.id')]\"},\"recoveryNetworkId\":{\"value\":\"[parameters('recoveryNetworkId')]\"},\"recoverySubscriptionId\":{\"value\":\"[subscription().subscriptionId]\"},\"sourceRegion\":{\"value\":\"[parameters('sourceRegion')]\"},\"sourceResourceGroupName\":{\"value\":\"[resourcegroup().Name]\"},\"targetRegion\":{\"value\":\"[parameters('targetRegion')]\"},\"targetResourceGroupName\":{\"value\":\"[last(split(parameters('targetResourceGroupId'), + '/'))]\"},\"targetZone\":{\"value\":\"[parameters('targetZone')]\"},\"vaultName\":{\"value\":\"[last(split(parameters('vaultId'), + '/'))]\"},\"vaultResourceGroupName\":{\"value\":\"[last(split(parameters('vaultResourceGroupId'), + '/'))]\"},\"vmId\":{\"value\":\"[field('id')]\"},\"vmZones\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/zones')]\",\"emptyArray\":[]}}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac34a73f-9fa5-4067-9247-a3ecae514468\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac34a73f-9fa5-4067-9247-a3ecae514468\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -6870,7 +7935,26 @@ interactions: Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"Configure + Synapse workspaces to have auditing enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure the operations performed against your SQL assets are captured, Synapse + workspaces should have auditing enabled. This is sometimes required for compliance + with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"Integer\",\"metadata\":{\"description\":\"The + value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention + days (optional, 180 days if unspecified)\"},\"defaultValue\":180},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name for storage accounts\",\"description\":\"Auditing writes database + events to an audit log in your Azure Storage account (a storage account will + be created in each region where a Synapse workspace is created that will be + shared by all Synapse workspaces in that region). Important - for proper operation + of Auditing do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"workspaceName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"int\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[parameters('auditRetentionDays')]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), + 0, 3)]\",\"storageName\":\"[tolower(concat('workspaceaudit', variables('locationCode'), + variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('workspaceAuditingStorageAccount-', + uniqueString(variables('locationCode'), deployment().name))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure Synapse workspaces to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('workspaceName'), + '/Default')]\",\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"workspaceName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Tags\",\"deprecated\":true},\"parameters\":{},\"policyRule\":{\"if\":{\"not\":{\"field\":\"tags['environment']\",\"in\":[\"production\",\"dev\",\"test\",\"staging\"]}},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -6893,11 +7977,14 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1598 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Virtual - machines should have the Guest Configuration extension\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - machines in Azure that do not have the Guest Configuration extension are Noncompliant. - The extension is required to audit or configure settings inside Azure virtual - machines. For more information about Guest Configuration, see https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Guest + Configuration extension should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure configurations of in-guest settings of your machine, install + the Guest Configuration extension. In-guest settings that the extension monitors + include the configuration of the operating system, application configuration + or presence, and environment settings. Once installed, in-guest policies will + be available such as 'Windows Exploit guard should be enabled'. Learn more + at https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\",\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae89ebca-1c92-4898-ac2c-9f63decb045c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced @@ -6925,9 +8012,9 @@ interactions: against which this policy will be evaluated.\"},\"allowedValues\":[\"Standard\"],\"defaultValue\":[\"Standard\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppPlatform/Spring\"},{\"field\":\"Microsoft.AppPlatform/Spring/sku.tier\",\"in\":\"[parameters('evaluatedSkuNames')]\"},{\"field\":\"Microsoft.AppPlatform/Spring/networkProfile.serviceRuntimeSubnetId\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af35e2a4-ef96-44e7-a9ae-853dd97032c4\"},{\"properties\":{\"displayName\":\"Monitor missing Endpoint Protection in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers without an installed Endpoint Protection agent will be monitored by Azure - Security Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Security Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: Monitor unaudited SQL servers in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced @@ -6951,13 +8038,27 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b07c9b24-729e-4e85-95fc-f224d2d08a80\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1711 - Security Function Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Management + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should be injected into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Injecting + Azure HDInsight clusters in a virtual network unlocks advanced HDInsight networking + and security features and provides you with control over your network security + configuration.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"count\":{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.id\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.subnet\",\"exists\":false}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0ab5b05-1c98-40f7-bb9e-dc568e41b501\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0ab5b05-1c98-40f7-bb9e-dc568e41b501\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints connect to Azure SignalR + Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure SignalR + Service resource. Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"description\":\"Private DNS zone to integrate with private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"defaultValue\":\"privatelink.service.signalr.net\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"signalr\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-service-signalr-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0e86710-7fb7-4a6c-a064-32e9b829509e\"},{\"properties\":{\"displayName\":\"Management ports of virtual machines should be protected with just-in-time network access control\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Possible network Just In Time (JIT) access will be monitored by Azure Security Center - as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1571 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b11c985b-f2cd-4bd7-85f4-b52426edf905\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -6973,8 +8074,10 @@ interactions: implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"},{\"properties\":{\"displayName\":\"SQL Database should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Databases - should avoid using GRS storage for backups if data residency rules require - data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + should avoid using the default geo-redundant storage for backups, if data + residency rules require data to stay within a specific region. Note: Azure + Policy is not enforced when creating a database using T-SQL. If not explicitly + specified, database with geo-redundant backup storage is created via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},{\"field\":\"Microsoft.Sql/servers/databases/edition\",\"notEquals\":\"DataWarehouse\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1091 - Security Awareness Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -7026,7 +8129,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[SecureWebServer]s1;MinimumTLSVersion\",\"value\":\"[parameters('MinimumTLSVersion')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is deployed for the indicated Storage Sync Service resource. + This enables you to address your Storage Sync Service resource from within + the private IP address space of your organization's network, rather than through + the internet-accessible public endpoint. The existence of one or more private + endpoints by themselves does not disable the public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet with private endpoint network policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"afs\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b35dddd9-daf7-423b-8375-5a5b86806d5a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b35dddd9-daf7-423b-8375-5a5b86806d5a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -7034,20 +8145,36 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to a Log Analytics workspace to be enabled + on Azure Key Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Log Analytics workspace when any Azure Key Vault Managed HSM which is missing + this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + to send log to. If this workspace is outside of the scope of the assignment + you must manually grant 'Log Analytics Contributor' permissions (or similar) + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3884c81-31aa-473d-a9bb-9466fe0ec2a0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3884c81-31aa-473d-a9bb-9466fe0ec2a0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3d8d15b-627a-4219-8c96-4d16f788888b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1380 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Resource logs in Search services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1172 - Internal System Connections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b43e946e-a4c8-4b92-8201-4a39331db43c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -7084,22 +8211,32 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsShutdown\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: - Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"A - security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter + Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"Azure + Stack Edge devices should use double-encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + secure the data at rest on the device, ensure it's double-encrypted, the access + to data is controlled, and once the device is deactivated, the data is securely + erased off the data disks. Double encryption is the use of two layers of encryption: + BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption + of the hard drives. Learn more in the security overview documentation for + the specific Stack Edge device.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + Stack Edge\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBoxEdge/DataBoxEdgeDevices\"},{\"field\":\"Microsoft.DataboxEdge/DataBoxEdgeDevices/sku.name\",\"notIn\":[\"TEA_1Node\",\"TEA_1Node_UPS\",\"TEA_1Node_Heater\",\"TEA_1Node_UPS_Heater\",\"TEA_4Node_Heater\",\"TEA_4Node_UPS_Heater\",\"TMA\",\"EdgePR_Base\",\"EdgePR_Base_UPS\",\"EdgeMR_Mini\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4ac1030-89c5-4697-8e00-28b5ba6a8811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4ac1030-89c5-4697-8e00-28b5ba6a8811\"},{\"properties\":{\"displayName\":\"[Deprecated]: + A security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter a phone number to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft + compromised resources - This policy is deprecated because phone numbers are + no longer used in any scenario by Azure Security Center\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for PostgreSQL can only be accessed from a private endpoint. This - configuration strictly disables access from any public address space outside - of Azure IP range, and denies all logins that match IP or virtual network-based - firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b52376f7-9612-48a1-81cd-1ffe4b61032c\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should only use Azure Active Directory for client authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit usage of client authentication only via Azure Active Directory in Service @@ -7114,7 +8251,16 @@ interactions: enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts with private endpoints \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + CosmosDB account, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet in the location\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointGroupId\",\"description\":\"A + group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"privateEndpointGroupId\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"String\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"[parameters('privateEndpointGroupId')]\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b609e813-3156-4079-91fa-a8494c1471c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b609e813-3156-4079-91fa-a8494c1471c4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6747bf9-2b97-45b8-b162-3c8becb9937d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -7130,17 +8276,53 @@ interactions: at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you - understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit + understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit if Network Watcher is not enabled for region(s).\",\"strongType\":\"location\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"NetworkWatcher resource group name\",\"description\":\"Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers - are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft + are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1608 - Supply Chain Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1401 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"API + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for SQL Databases to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for SQL Databases to stream resource logs to a Log + Analytics workspace when any SQL Database which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"SQLDatabaseDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select the Log Analytics workspace + from dropdown list\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreRuntimeStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreRuntimeStatistics + logs to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreWaitStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"ErrorsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Errors + - Enabled\",\"description\":\"Whether to stream Errors logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"DatabaseWaitStatistics + - Enabled\",\"description\":\"Whether to stream DatabaseWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"BlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Blocks + - Enabled\",\"description\":\"Whether to stream Blocks logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLInsightsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLInsights + - Enabled\",\"description\":\"Whether to stream SQLInsights logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLSecurityAuditEvents + - Enabled\",\"description\":\"Whether to stream SQLSecurityAuditEvents logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"TimeoutsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Timeouts + - Enabled\",\"description\":\"Whether to stream Timeouts logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AutomaticTuningEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AutomaticTuning + - Enabled\",\"description\":\"Whether to stream AutomaticTuning logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DeadlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Deadlocks + - Enabled\",\"description\":\"Whether to stream Deadlocks logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Basic\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Basic + (metric) - Enabled\",\"description\":\"Whether to stream Basic metrics to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"InstanceAndAppAdvanced\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"InstanceAndAppAdvanced + (metric) - Enabled\",\"description\":\"Whether to stream InstanceAndAppAdvanced + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"WorkloadManagement\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"WorkloadManagement + (metric) - Enabled\",\"description\":\"Whether to stream WorkloadManagement + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"matchInsensitively\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Basic\":{\"type\":\"string\"},\"InstanceAndAppAdvanced\":{\"type\":\"string\"},\"WorkloadManagement\":{\"type\":\"string\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"string\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"string\"},\"ErrorsEnabled\":{\"type\":\"string\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"string\"},\"BlocksEnabled\":{\"type\":\"string\"},\"SQLInsightsEnabled\":{\"type\":\"string\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"string\"},\"TimeoutsEnabled\":{\"type\":\"string\"},\"AutomaticTuningEnabled\":{\"type\":\"string\"},\"DeadlocksEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Basic\",\"enabled\":\"[parameters('Basic')]\"},{\"category\":\"InstanceAndAppAdvanced\",\"enabled\":\"[parameters('InstanceAndAppAdvanced')]\"},{\"category\":\"WorkloadManagement\",\"enabled\":\"[parameters('WorkloadManagement')]\"}],\"logs\":[{\"category\":\"SQLInsights\",\"enabled\":\"[parameters('SQLInsightsEnabled')]\"},{\"category\":\"AutomaticTuning\",\"enabled\":\"[parameters('AutomaticTuningEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},{\"category\":\"Errors\",\"enabled\":\"[parameters('ErrorsEnabled')]\"},{\"category\":\"DatabaseWaitStatistics\",\"enabled\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},{\"category\":\"Timeouts\",\"enabled\":\"[parameters('TimeoutsEnabled')]\"},{\"category\":\"Blocks\",\"enabled\":\"[parameters('BlocksEnabled')]\"},{\"category\":\"Deadlocks\",\"enabled\":\"[parameters('DeadlocksEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"Basic\":{\"value\":\"[parameters('Basic')]\"},\"InstanceAndAppAdvanced\":{\"value\":\"[parameters('InstanceAndAppAdvanced')]\"},\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"WorkloadManagement\":{\"value\":\"[parameters('WorkloadManagement')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},\"QueryStoreWaitStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},\"ErrorsEnabled\":{\"value\":\"[parameters('ErrorsEnabled')]\"},\"DatabaseWaitStatisticsEnabled\":{\"value\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},\"BlocksEnabled\":{\"value\":\"[parameters('BlocksEnabled')]\"},\"SQLInsightsEnabled\":{\"value\":\"[parameters('SQLInsightsEnabled')]\"},\"SQLSecurityAuditEventsEnabled\":{\"value\":\"[parameters('SQLSecurityAuditEventsEnabled')]\"},\"TimeoutsEnabled\":{\"value\":\"[parameters('TimeoutsEnabled')]\"},\"AutomaticTuningEnabled\":{\"value\":\"[parameters('AutomaticTuningEnabled')]\"},\"DeadlocksEnabled\":{\"value\":\"[parameters('DeadlocksEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b79fa14e-238a-4c2d-b376-442ce508fc84\"},{\"properties\":{\"displayName\":\"API App should only be accessible over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App @@ -7164,7 +8346,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;Members\",\"value\":\"[parameters('Members')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Event Hub namespaces, data + leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b8564268-eb4a-4337-89be-a19db070c59d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -7217,17 +8407,27 @@ interactions: category: 'Security Options - Recovery console'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsRecoveryconsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should be encrypted with a customer-managed key - (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have encryption enabled with - customer-managed keys (CMK). Customer-managed keys add an additional layer - of security for workspaces. For more information, visit https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Machine + Machine Learning workspaces should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"not\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/encryption.status\",\"equals\":\"enabled\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba769a63-b8cc-4b2d-abf6-ac33c7204be8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"topic\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"topic-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baf19753-7502-405f-8745-370519b20483\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1726 - Information Handling And Retention\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"},{\"properties\":{\"displayName\":\"Microsoft @@ -7240,9 +8440,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your non-internet-facing virtual machines from potential threats by restricting access with network security groups (NSG). Learn more about controlling traffic - with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -7333,15 +8533,33 @@ interactions: IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be - reviewed by the network security team.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + reviewed by the network security team.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"Container + registries should have SKUs that support Private Links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your container registries + instead of the entire service, data leakage risks are reduced. Learn more + at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"notEquals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\"},{\"properties\":{\"displayName\":\"[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"SQL\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for DNS should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for DNS provides an additional layer of protection for your cloud + resources by continuously monitoring all DNS queries from your Azure resources. + Azure Defender alerts you about suspicious activity at the DNS layer. Learn + more about the capabilities of Azure Defender for DNS at https://aka.ms/defender-for-dns + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Dns\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bdc59948-5574-49b3-bb91-76b7c986428d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bdc59948-5574-49b3-bb91-76b7c986428d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -7373,15 +8591,13 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NumberOfDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Number of days\",\"description\":\"The number of days without restart until the machine is considered non-compliant\"},\"defaultValue\":\"12\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', - '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Audit - Windows machines on which Windows Defender Exploit Guard is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the PowerShell command - Get-MPPreference returns configuration details that does not match expected - values. Windows Defender Exploit Guard helps protect against malware that - uses exploits to infect devices and spread. Exploit Guard protection consists - of a number of mitigations that can be applied to either the operating system - or individual apps.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Windows + Defender Exploit Guard should be enabled on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows + Defender Exploit Guard uses the Azure Policy Guest Configuration agent. Exploit + Guard has four components that are designed to lock down devices against a + wide variety of attack vectors and block behaviors commonly used in malware + attacks while enabling enterprises to balance their security risk and productivity + requirements (Windows only).\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NotAvailableMachineState\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Status if Windows Defender is not available on machine\",\"description\":\"Windows @@ -7424,7 +8640,17 @@ interactions: Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is a private IP address allocated inside a customer-owned + virtual network via which an Azure resource is reachable. This policy deploys + a private endpoint for your IoT hub to allow services inside your virtual + network to reach IoT Hub without requiring traffic to be sent to IoT Hub's + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotHub\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf684997-3909-404e-929c-d4a38ed23b2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf684997-3909-404e-929c-d4a38ed23b2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -7449,7 +8675,55 @@ interactions: Group Membership;ExpectedValue\",\"value\":\"[parameters('AuditGroupMembership')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Only + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using SSH secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires a SSH private key secret in Key Vault. + For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"sshKnownHostsContents\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Base64-encoded + known hosts content\",\"description\":\"The base64-encoded known hosts content.\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"sshPrivateKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SSH + private key Key Vault secret\",\"description\":\"The name of the Key Vault + secret that holds the base64-encoded SSH private key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/sshKnownHostsContents\",\"equals\":\"[parameters('sshKnownHostsContents')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"sshKnownHostsContents\":{\"type\":\"string\"},\"sshPrivateKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":{\"value\":\"[parameters('sshKnownHostsContents')]\"},\"sshPrivateKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('sshPrivateKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c050047b-b21b-4822-8a2d-c1e37c3c0c6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c050047b-b21b-4822-8a2d-c1e37c3c0c6a\"},{\"properties\":{\"displayName\":\"Configure + private endpoint connections on Azure Automation accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Azure Automation accounts without a need for public IP addresses at the + source or destination. Learn more about private endpoints in Azure Automation + at https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Webhook\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}},{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"DSCAndHybridWorker\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c0c3130e-7dda-4187-aed0-ee4a472eaa60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c0c3130e-7dda-4187-aed0-ee4a472eaa60\"},{\"properties\":{\"displayName\":\"Only approved VM extensions should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy governs the virtual machine extensions that are not approved.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"approvedExtensions\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -7595,7 +8869,8 @@ interactions: for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, - verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure Defender for container registries should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Defender for container registries provides vulnerability scanning of any images pulled within the last 30 days, pushed to your registry, or imported, and @@ -7626,19 +8901,37 @@ interactions: Box\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"supportedSKUs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Supported SKUs\",\"description\":\"The list of SKUs that support software-based double - encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Microsoft + encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Azure + Key Vault Managed HSM should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + deletion of an Azure Key Vault Managed HSM can lead to permanent data loss. + A malicious insider in your organization can potentially delete and purge + Azure Key Vault Managed HSM. Purge protection protects you from insider attacks + by enforcing a mandatory retention period for soft deleted Azure Key Vault + Managed HSM. No one inside your organization or Microsoft will be able to + purge your Azure Key Vault Managed HSM during the soft delete retention period.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/managedHsms/enableSoftDelete\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.KeyVault/managedHsms/enablePurgeProtection\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39ba22d-4428-4149-b981-70acb31fc383\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1389 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39e6fda-ae70-4891-a739-be7bba6d1062\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"System + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for Resource Manager should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for Resource Manager automatically monitors the resource management + operations in your organization. Azure Defender detects threats and alerts + you about suspicious activity. Learn more about the capabilities of Azure + Defender for Resource Manager at https://aka.ms/defender-for-resource-manager + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Arm\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3d20c29-b36d-48fe-808b-99a87530ad99\"},{\"properties\":{\"displayName\":\"System updates on virtual machine scale sets should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine - scale sets are secure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + scale sets are secure.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -7668,9 +8961,9 @@ interactions: implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4aff9e7-2e60-46fa-86be-506b79033fc5\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your API App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they @@ -7830,27 +9123,25 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c69b870e-857b-458b-af02-bb234f7a00d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"Deploy + Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific - categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Profile name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Log Analytics workspace\",\"description\":\"Select Log Analytics workspace - from dropdown list. If this workspace is outside of the scope of the assignment + categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select Log Analytics workspace from + dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Name\",\"description\":\"Name of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Value\",\"description\":\"Value of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Name\",\"description\":\"Name of the tag to use for excluding vaults from + this policy. This should be used along with the Exclusion Tag Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Value\",\"description\":\"Value of the tag to use for excluding vaults + from this policy. This should be used along with the Exclusion Tag Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allof\":[{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"allof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Category\",\"in\":[\"CoreAzureBackup\",\"AddonAzureBackupJobs\",\"AddonAzureBackupAlerts\",\"AddonAzureBackupPolicy\",\"AddonAzureBackupStorage\",\"AddonAzureBackupProtectedInstance\"]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Enabled\",\"equals\":\"True\"}]}},\"Equals\":6},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType\",\"equals\":\"Dedicated\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vaultName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"logAnalyticsDestinationType\":\"Dedicated\",\"metrics\":[],\"logs\":[{\"category\":\"CoreAzureBackup\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupAlerts\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupJobs\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupPolicy\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupProtectedInstance\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupStorage\",\"enabled\":\"true\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), - 'configured for diagnostic logs for ', ': ', parameters('vaultName'), '/', - 'Microsoft.Insights/', parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft + 'configured for resource logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', + parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1619 - Information In Shared Resources\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c722e569-cb52-45f3-a643-836547d016e1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -7914,15 +9205,15 @@ interactions: This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Resource logs in Data Lake Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -7944,6 +9235,17 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c96f3246-4382-4264-bf6b-af0b35e23c3c\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private DNS provides a reliable, secure DNS service to manage and resolve + domain names in a virtual network without the need to add a custom DNS solution. + You can use private DNS zones to override the DNS resolution by using your + own custom domain names for a private endpoint. This policy deploys a private + DNS Zone for IoT Hub private endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotHub\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy automatically deploys diagnostic settings to network security groups. A storage account with name '{storagePrefixParameter}{NSGLocation}' will be @@ -7964,11 +9266,30 @@ interactions: network rules. These services will then use strong authentication to access the storage account.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"notContains\":\"AzureServices\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9d007d0-c057-4772-b18c-01e546713bcd\"},{\"properties\":{\"displayName\":\"App - Configuration should use a private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - endpoint connections allow clients on a virtual network to securely access - Azure App Configuration over a private link.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App + Configuration should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your app configuration instances + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows Azure Monitor agent to enable Azure Monitor assignments + on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows Azure Monitor agent to Windows virtual machines hosted in Azure that + are supported by Azure Monitor. Azure Monitor agent collects events from the + virtual machine that can be used to provide recommendations. Target virtual + machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorWindowsAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorWindowsAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca817e41-e85a-4783-bc7f-dc532d36235e\"},{\"properties\":{\"displayName\":\"Managed + disks should be double encrypted with both platform-managed and customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"High + security sensitive customers who are concerned of the risk associated with + any particular encryption algorithm, implementation, or key being compromised + can opt for additional layer of encryption using a different encryption algorithm/mode + at the infrastructure layer using platform managed encryption keys. The disk + encryption sets are required to use double encryption. Learn more at https://aka.ms/disks-doubleEncryption.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/diskEncryptionSets\"},{\"field\":\"Microsoft.Compute/diskEncryptionSets/encryptionType\",\"notEquals\":\"EncryptionAtRestWithPlatformAndCustomerKeys\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca91455f-eace-4f96-be59-e6e2c35b4816\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca94b046-45e2-444f-a862-dc8ce262a516\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8014,9 +9335,9 @@ interactions: Sensitive data in your SQL databases should be classified\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive - data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Security + data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"3.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed virtual machine size SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Compute\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -8046,12 +9367,12 @@ interactions: Managed Control 1104 - Audit Events\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdd8d244-18b2-4306-a1d1-df175ae0935f\"},{\"properties\":{\"displayName\":\"Deploy - export to Event Hub for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Event Hub of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Event Hub configuration with your conditions - and target Event Hub on the assigned scope. To deploy this policy on newly - created subscriptions, open the Compliance tab, select the relevant non-compliant - assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Event Hub for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Event Hub of Azure Security Center data. This policy deploys an + export to Event Hub configuration with your conditions and target Event Hub + on the assigned scope. To deploy this policy on newly created subscriptions, + open the Compliance tab, select the relevant non-compliant assignment and + create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group @@ -8059,17 +9380,20 @@ interactions: group can only have one export to Event Hub configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Event Hub configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -8080,30 +9404,52 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event Hub details\",\"description\":\"The Event Hub details of where the data should be exported to: Subscription, Event Hub Namespace, Event Hub, and Authorizations - rules with 'Send' claim. If you do not already have an event hub, visit Event - Hubs to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.EventHub%2Fnamespaces).\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + rules with 'Send' claim.\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"SeperatedEventHubDetails\":\"[split(parameters('eventHubDetails'),'/')]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"exportToEventHub\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Event Hub via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', @@ -8112,7 +9458,7 @@ interactions: '/', variables('SeperatedEventHubDetails')[3], '/', variables('SeperatedEventHubDetails')[4], '/', variables('SeperatedEventHubDetails')[5], '/', variables('SeperatedEventHubDetails')[6], '/', variables('SeperatedEventHubDetails')[7], '/', variables('SeperatedEventHubDetails')[8], - '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -8142,15 +9488,15 @@ interactions: Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Resource logs in Key Vault should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Key + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -8158,15 +9504,15 @@ interactions: Managed Control 1724 - Error Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d07594d1-0307-4c08-94db-5d71ff31f0f6\"},{\"properties\":{\"displayName\":\"Container - registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have any network or firewall (IP) rules configured - and so allow all network access by default. Restricting network access protects - container registries from potential threats. Container registries with at - least one IP / firewall rule or configured virtual network are deemed compliant. - For more information on Container Registry network rules, visit: https://aka.ms/acr/portal/public-network - and https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn't have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1084 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"},{\"properties\":{\"displayName\":\"Add @@ -8203,12 +9549,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d1e1d65c-1013-4484-bd54-991332e6a0d2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Guest - Configuration extension should be deployed to Azure virtual machines with - system assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Virtual + machines' Guest Configuration extension should be deployed with system-assigned + managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The Guest Configuration extension requires a system assigned managed identity. - This policy will report instances of the extension as non-compliant when the - machine where it is installed does not have a system assigned managed identity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Azure virtual machines in the scope of this policy will be non-compliant when + they have the Guest Configuration extension installed but do not have a system + assigned managed identity. Learn more at https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines/extensions\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines\",\"name\":\"[first(split(field('fullName'), '/'))]\",\"existenceCondition\":{\"field\":\"identity.type\",\"contains\":\"SystemAssigned\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d26f7642-7545-4e18-9b75-8c9bbdee3a9a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8218,7 +9565,15 @@ interactions: Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"domain\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"domain-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d389df0a-e0d7-4607-833c-75a6fdac2c2d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows VMs on which @@ -8268,7 +9623,16 @@ interactions: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\"like\":\"[concat(parameters('virtualNetworkId'),'/*')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d416745a-506c-48b6-8ab1-83cb814bcaa3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1383 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Managed + disks should use a specific set of disk encryption sets for the customer-managed + key encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requiring + a specific set of disk encryption sets to be used with managed disks give + you control over the keys used for encryption at rest. You are able to select + the allowed encrypted sets and all others are rejected when attached to a + disk. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"allowedEncryptionSets\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + disk encryption set\",\"description\":\"The list of allowed disk encryption + sets for managed disks.\",\"strongType\":\"Microsoft.Compute/diskEncryptionSets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d461a302-a187-421a-89ac-84acdb4edc04\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Interactive Logon'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Interactive Logon' for displaying last user name and requiring ctrl-alt-del. @@ -8280,7 +9644,16 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsInteractiveLogon\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d472d2c9-d6a3-4500-9f5f-b15f123005aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d472d2c9-d6a3-4500-9f5f-b15f123005aa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs for Application Insights should be linked to a Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + the Application Insights component to a Log Analytics workspace for logs encryption. + Customer-managed keys are commonly required to meet regulatory compliance + and for more control over the access to your data in Azure Monitor. Linking + your component to a Log Analytics workspace that's enabled with a customer-managed + key, ensures that your Application Insights logs meet this compliance requirement, + see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/components\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"equals\":\"\"},{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"exists\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d550e854-df1a-4de9-bf44-cd894b39a95e\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic @@ -8383,7 +9756,23 @@ interactions: auditing Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that IoT Hub device provisioning + service instance isn't exposed on the public internet. Creating private endpoints + can limit exposure of the IoT Hub device provisioning instances. Learn more + at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d82101f3-f3ce-4fc5-8708-4c09f4009546\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d82101f3-f3ce-4fc5-8708-4c09f4009546\"},{\"properties\":{\"displayName\":\"Configure + Container registries with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + premium container registry resources, you can reduce data leakage risks. Learn + more at: https://aka.ms/privateendpoints and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"registry\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d85c6833-7d33-4cf5-a915-aaa2de84405f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d85c6833-7d33-4cf5-a915-aaa2de84405f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d8b43277-512e-40c3-ab00-14b3b6e72238\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8393,13 +9782,19 @@ interactions: Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d922484a-8cfc-4a6b-95a4-77d6a685407f\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MySQL can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption in transit to encrypt communication + between Azure HDInsight cluster nodes\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission between Azure HDInsight cluster nodes. + Enabling encryption in transit addresses problems of misuse and tampering + during this transmission.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9da03a1-f3c3-412a-9709-947156872263\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9da03a1-f3c3-412a-9709-947156872263\"},{\"properties\":{\"displayName\":\"Audit Windows machines that do not store passwords using reversible encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines @@ -8413,7 +9808,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3bfb53-9c46-4010-b3db-a7ba1296dada\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1516 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to disable public network access \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your CosmosDB resource so that it's not accessible + over the public internet. This can reduce data leakage risks. Learn more at: + https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2021-01-15')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da69ba51-aaf1-41e5-8651-607cd0b37088\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Batch Account to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created @@ -8434,7 +9836,23 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"ServiceLog\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Logic + Apps should be deployed into Integration Service Environment\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploying + Logic Apps into Integration Service Environment in a virtual network unlocks + advanced Logic Apps networking and security features and provides you with + greater control over your network configuration. Learn more at: https://aka.ms/integration-service-environment. + Deploying into Integration Service Environment also allows encryption with + customer-managed keys which provides enhanced data protection by allowing + you to manage your encryption keys. This is often to meet compliance requirements.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},{\"field\":\"Microsoft.Logic/workflows/integrationServiceEnvironment\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc595cb1-1cde-45f6-8faf-f88874e1c0e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc595cb1-1cde-45f6-8faf-f88874e1c0e1\"},{\"properties\":{\"displayName\":\"Web + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a web app should be located on an Azure file share. The + storage account information for the file share must be provided before any + publishing activity. To learn more about using Azure Files for hosting app + service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dcbc65aa-59f3-4239-8978-3bb869d82604\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dcbc65aa-59f3-4239-8978-3bb869d82604\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1439 - Media Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8512,7 +9930,24 @@ interactions: DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deacecc0-9f84-44d2-bb82-46f32d766d43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1528 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"MariaDB + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Recovery Services vaults should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Azure Recovery Services + vaults, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/AB-PrivateEndpoints.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"count\":{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState\",\"equals\":\"Succeeded\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deeddb44-9f94-4903-9fa0-081d524406e3\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to the IoT Hub device provisioning + service, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df39c015-56a4-45de-b4a3-efe77bed320d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df39c015-56a4-45de-b4a3-efe77bed320d\"},{\"properties\":{\"displayName\":\"MariaDB server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure Database for MariaDB while ensuring the traffic stays within the @@ -8521,7 +9956,20 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dfbd9a64-6114-48de-a47d-90574dc2e489\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dfbd9a64-6114-48de-a47d-90574dc2e489\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve to Azure + Cache for Redis. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + resource id of the private DNS zone\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"redisCache\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-redis-cache-windows-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e016b22b-e0eb-436d-8fd7-160c4eaed6e2\"},{\"properties\":{\"displayName\":\"Auditing + on Synapse workspace should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing + on your Synapse workspace should be enabled to track database activities across + all databases on the dedicated SQL pools and save them in an audit log.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired + Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e04e5000-cd89-451d-bb21-a14d24ff9c73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e04e5000-cd89-451d-bb21-a14d24ff9c73\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'User Rights Assignment' for allowing log on locally, RDP, access from the network, @@ -8667,9 +10115,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1da06bd-25b6-4127-a301-c313d6873fff\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your machines should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers which do not satisfy the configured baseline will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1047 - System Use Notification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8685,16 +10133,17 @@ interactions: advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled in virtual machine scale sets for listed virtual machine + images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed. The list of OS images + is updated over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1161 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -8709,9 +10158,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/virtualNetworkGateways\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/gatewayType\",\"equals\":\"Vpn\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/sku.tier\",\"equals\":\"Basic\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with read permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP access from the Internet should be blocked\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits any network security rule that allows RDP access from Internet\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\"},{\"allOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\"equals\":\"Inbound\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"*\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"3389\"},{\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), @@ -8957,9 +10406,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e80b6812-0bfa-4383-8223-cdd86a46a890\"},{\"properties\":{\"displayName\":\"Vulnerabilities in container security configurations should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit vulnerabilities in security configuration on machines with Docker installed - and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic @@ -8978,12 +10427,13 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"},{\"properties\":{\"displayName\":\"Container - registries should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections through private links. Public access can - then be disabled to ensure that only private links can be used to connect - to the registry. For more information, visit: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network.By mapping private endpoints to your container registries + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"count\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8eef0a8-67cf-4eb4-9386-14b0e78733d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -8994,7 +10444,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e901375c-8f01-4ac8-9183-d5312f47fe63\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1723 - Information Input Validation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Configure + Container registries to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Container + Registry. Learn more at: https://aka.ms/privatednszone and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint. It should be linked to the private endpoint's associated VNET.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"registry\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"containerRegistry-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1200 - Security Impact Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9005,7 +10464,14 @@ interactions: debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be created with infrastructure-encryption enabled + (double encryption)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure data encryption is enabled at the service level and the infrastructure + level with two different encryption algorithms and two different keys, use + an Azure Monitor dedicated cluster. This option is enabled by default when + supported at the region, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/isDoubleEncryptionEnabled\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea0dfaed-95fb-448c-934e-d6e713ce393d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea0dfaed-95fb-448c-934e-d6e713ce393d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"},{\"properties\":{\"displayName\":\"Inherit @@ -9034,11 +10500,10 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea556850-838d-4a37-8ce5-9d7642f95e11\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1542 - Risk Assessment\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Ensure - Function app has 'Client Certificates (Incoming client certificates)' set - to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Function + apps should have 'Client Certificates (Incoming client certificates)' enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client certificates allow for the app to request a certificate for incoming requests. - Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App + Only clients with valid certificates will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eaebaea7-8013-4ceb-9d14-7eb32271373c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -9065,9 +10530,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"log_duration\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"},{\"properties\":{\"displayName\":\"Deprecated accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts with owner permissions should be removed from your subscription. - \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit Windows machines that don't have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the application @@ -9088,9 +10553,9 @@ interactions: security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms - and two different keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + and two different keys.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -9128,7 +10593,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1622 - Boundary Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Event Hub namespaces. + Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ed66d4f5-8220-45dc-ab4a-20d1749c74e6\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Key @@ -9167,10 +10641,24 @@ interactions: Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspace to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Machine + Learning workspaces. Learn more at: https://docs.microsoft.com/azure/machine-learning/how-to-network-security-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"amlworkspace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"amlworkspace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee40564d-486e-4f68-a5ca-7a621edae0fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1189 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search services should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your Azure Cognitive + Search service is not exposed on the public internet. Creating private endpoints + can limit exposure of your Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee980b6d-0eca-4501-8d54-f6290fd512c3\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Accounts' for limiting local account use of blank passwords and @@ -9198,8 +10686,14 @@ interactions: enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"},{\"properties\":{\"displayName\":\"API - Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - network on API Management services of the specified SKU should be enabled.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security, isolation and allows + you to place your API Management service in a non-internet routable network + that you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"evaluatedSkuNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"API Management SKU Names\",\"description\":\"List of API Management SKUs against @@ -9269,12 +10763,21 @@ interactions: TLS version should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Service Bus namespaces. + Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0fcf93c-c063-4071-9668-c47474bd3564\"},{\"properties\":{\"displayName\":\"Deploy Workflow Automation for Azure Security Center alerts\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable automation of Azure Security Center alerts. This policy deploys a workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select - the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow @@ -9285,13 +10788,14 @@ interactions: name contains\",\"description\":\"String included in the required alert name. For a full reference list of Security Center's alerts, see https://docs.microsoft.com/azure/security-center/alerts-reference.\"},\"defaultValue\":\"\"},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Alert is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Alert is created - or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('alertSeverities'),if(equals(parameters('alertName'), + ''), array('3.'), array(parameters('alertName'))))]\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"in\":\"[union(array('Severity'),if(equals(parameters('alertName'), + ''), array('Version'), array('AlertDisplayName')))]\"},{\"count\":{\"value\":\"[parameters('alertSeverities')]\",\"name\":\"alertSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"Severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('alertSeverity')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('alertSeverities'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"severityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"triggerMap\":{\"Manual (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center Alert @@ -9457,25 +10961,28 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"},{\"properties\":{\"displayName\":\"Disk encryption should be enabled on Azure Data Explorer\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling disk encryption helps protect and safeguard your data to meet your organizational - security and compliance commitments.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + security and compliance commitments.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy Auditing on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The + region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention days (optional, 180 days if unspecified)\"},\"defaultValue\":\"180\"},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name for storage accounts\",\"description\":\"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing - do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), 0, 3)]\",\"storageName\":\"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('sqlServerAuditingStorageAccount-', - uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"templateLink\":{\"uri\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\"contentVersion\":\"1.0.0.0\"}}},{\"name\":\"[concat(parameters('serverName'), - '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"auditActionsAndGroups\":null,\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft + uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure SQL servers to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9546,9 +11053,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your virtual machines from potential threats by restricting access to them with network security groups (NSG). Learn more about controlling traffic with - NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit Linux machines that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that @@ -9586,7 +11093,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1449 - Physical Access Authorizations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use system-assigned managed identity + authentication when it is supported\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Using + system-assigned managed identity when communicating with data stores via linked + services avoids the use of less secured credentials such as passwords or connection + strings.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"AzureSqlDatabase\",\"AzureSqlMI\",\"AzureSqlDW\",\"AzureBlobFS\",\"AdlsGen2CosmosStructuredStream\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureBlobStorage\",\"AzureDatabricks\"]},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"User + ID=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f78ccdb4-7bf4-4106-8647-270491d2978a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"},{\"properties\":{\"displayName\":\"Azure @@ -9609,9 +11124,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f82e3639-fa2b-4e06-a786-932d8379b972\"},{\"properties\":{\"displayName\":\"External accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with owner permissions should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9641,15 +11156,21 @@ interactions: Other System Events;ExpectedValue\",\"value\":\"[parameters('AuditOtherSystemEvents')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Diagnostic + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Resource logs in Service Bus should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Service + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Service Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Azure + Event Grid domains should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8f774be-6aee-492a-9e29-486ef81f3a68\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -9666,22 +11187,28 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9a165d2-967d-4733-8399-1074270dae2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Stream Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Stream + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Stream Analytics\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest TLS version should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9d614c5-c173-4d56-95a7-b4437057d193\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Saved-queries + in Azure Monitor should be saved in customer storage account for logs encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + storage account to Log Analytics workspace to protect saved-queries with storage + account encryption. Customer-managed keys are commonly required to meet regulatory + compliance and for more control over the access to your saved-queries in Azure + Monitor. For more details on the above, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys?tabs=portal#customer-managed-key-for-saved-queries.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/workspaces\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/workspaces/forceCmkForQuery\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa298e57-9444-42ba-bf04-86e8470e32c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa298e57-9444-42ba-bf04-86e8470e32c7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9727,7 +11254,24 @@ interactions: on Azure Storage encryption at rest can be found here https://aka.ms/azurestoragebyok. \",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/logProfiles\"},{\"field\":\"Microsoft.Insights/logProfiles/storageAccountId\",\"exists\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"value\":\"[contains(field('Microsoft.Insights/logProfiles/storageAccountId'), - subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"[Preview]: + subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Cognitive + Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"searchService\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"searchService-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbc14a67-53e4-4932-abcc-2049c6706009\"},{\"properties\":{\"displayName\":\"Virtual + machines and virtual machine scale sets should have encryption at host enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + encryption at host to get end-to-end encryption for your virtual machine and + virtual machine scale set data. Encryption at host enables encryption at rest + for your temporary disk and OS/data disk caches. Temporary and ephemeral OS + disks are encrypted with platform-managed keys when encryption at host is + enabled. OS/data disk caches are encrypted at rest with either customer-managed + or platform-managed key, depending on the encryption type selected on the + disk. Learn more at https://aka.ms/vm-hbe.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc4d8e41-e223-45ea-9bf5-eada37891d87\"},{\"properties\":{\"displayName\":\"[Preview]: All Internet traffic should be routed via your deployed Azure Firewall\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats @@ -9745,10 +11289,10 @@ interactions: that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines should meet the requirements for the Azure security baseline\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxOMSBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Configuration\",\"version\":\"1.1.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureLinuxBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxOMSBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureLinuxBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -9777,8 +11321,8 @@ interactions: Source\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MariaDB can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall @@ -9792,7 +11336,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"Cognitive + Services accounts should use a managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Assigning + a managed identity to your Cognitive Service account helps ensure secure authentication. + This identity is used by this Cognitive service account to communicate with + other Azure services, like Azure Key Vault, in a secure way without you having + to manage any credentials.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"anyOf\":[{\"field\":\"identity.type\",\"exists\":\"false\"},{\"field\":\"identity.type\",\"equals\":\"None\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe3fd216-4f83-4fc1-8984-2bbec80a3418\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -9803,18 +11354,18 @@ interactions: Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"installed_application_linux\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"},{\"properties\":{\"displayName\":\"Vulnerabilities on your SQL databases should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Monitor Vulnerability Assessment scan results and recommendations for how to remediate - database vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security + database vulnerabilities.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"},{\"properties\":{\"displayName\":\"Deploy - export to Log Analytics workspace for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Log Analytics workspace of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Log Analytics workspace configuration with - your conditions and target workspace on the assigned scope. To deploy this - policy on newly created subscriptions, open the Compliance tab, select the - relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Log Analytics workspace for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Log Analytics workspace of Azure Security Center data. This policy + deploys an export to Log Analytics workspace configuration with your conditions + and target workspace on the assigned scope. To deploy this policy on newly + created subscriptions, open the Compliance tab, select the relevant non-compliant + assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for @@ -9823,17 +11374,20 @@ interactions: configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -9844,41 +11398,64 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"The Log Analytics workspace of where - the data should be exported to. If you do not already have a log analytics - workspace, visit Log Analytics workspaces to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces).\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + the data should be exported to.\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"ExportToWorkspace\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Log Analytics workspace via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', - subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1158 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fff50cf2-28eb-45b4-b378-c99412688907\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod hostPath volumes can only use allowed host paths in a Kubernetes - Cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Limit + pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -9886,10 +11463,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed host paths\",\"description\":\"The host paths allowed for pod hostPath volumes - to use. Provide an empty paths list to block all host paths.\",\"schema\":{\"type\":\"object\",\"properties\":{\"paths\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"pathPrefix\":{\"type\":\"string\"},\"readOnly\":{\"type\":\"boolean\"}},\"required\":[\"pathPrefix\",\"readOnly\"],\"additionalProperties\":false}}},\"required\":[\"paths\"],\"additionalProperties\":false}},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: + to use. Provide an empty paths list to block all host paths.\"},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time that a certificate can be valid within your key vault.\",\"metadata\":{\"version\":\"2.1.0-preview\",\"category\":\"Key @@ -9934,7 +11513,7 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"less\":\"[parameters('minimumDaysBeforeExpiry')]\"}]},{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"greater\":\"[parameters('maximumPercentageLife')]\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12ef42cb-9903-4e39-9c26-422d29570417\"},{\"properties\":{\"displayName\":\"[Preview]: - Keys should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic + Key Vault keys should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic keys should have a defined expiration date and not be permanent. Keys that are valid forever provide a potential attacker with more time to compromise the key. It is a recommended security practice to set expiration dates on @@ -9943,11 +11522,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods can only use allowed volume types in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + can only use allowed volume types in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -9955,10 +11535,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed volume types\",\"description\":\"The list of volume types that can be used by a pod. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: Enforce labels on pods in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -9966,24 +11548,28 @@ interactions: service\",\"deprecated\":true},\"parameters\":{\"commaSeparatedListOfLabels\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: Comma-separated list of labels\",\"description\":\"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Enforce - HTTPS ingress in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should be accessible only over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + of HTTPS ensures authentication and protects data in transit from network + layer eavesdropping attacks. This capability is currently generally available + for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc + enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes - clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow containers to use privilege escalation in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow containers to run with privilege escalation to root in a Kubernetes + cluster. This recommendation is part of CIS 5.2.5 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -9991,8 +11577,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: Configure log filter expressions and datastore to be used for full logs for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide log filter expression and datastore to be used for full @@ -10006,22 +11594,24 @@ interactions: used to filter logs. Ex. ^prefix1.*$\"},\"defaultValue\":[]},\"datastore\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Datastore\",\"description\":\"Datastore used to store filtered logs. Ex. LogsDatastore which is configured in AML.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Ensure - services listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces services to listen only on allowed ports in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - service ports list\",\"description\":\"The list of service ports allowed in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should listen only on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + services to listen only on allowed ports to secure access to the Kubernetes + cluster. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + service ports list\",\"description\":\"The list of service ports allowed in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"allowedPorts\":\"[parameters('allowedServicePortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure services listen only on allowed ports in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -10059,68 +11649,77 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"approvalEndpoint\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Approval endpoint\",\"description\":\"Approval endpoint that needs to be called before an Azure ML job is run. Ex. http://amlrunapproval/approve\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Enforce - internal load balancers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces load balancers do not have public IPs in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should use internal load balancers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + internal load balancers to make a Kubernetes service accessible only to applications + running in the same virtual network as the Kubernetes cluster. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should disable automounting API credentials\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Disable automounting API credentials to prevent a potentially compromised Pod resource - to run API commands against Kubernetes clusters. For instructions on using - this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Ensure - containers listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces containers to listen only on allowed ports in a Kubernetes + to run API commands against Kubernetes clusters. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only listen on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + containers to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - container ports list\",\"description\":\"The list of container ports allowed - in a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Enforce - labels on pods in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces the specified labels are provided for pods in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List - of labels\",\"description\":\"The list of labels to be specified on Pods in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + container ports list\",\"description\":\"The list of container ports allowed + in a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"allowedPorts\":\"[parameters('allowedContainerPortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods should use specified labels\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + specified labels to identify the pods in a Kubernetes cluster. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy blocks pod containers from sharing the host process ID namespace and - host IPC namespace in a Kubernetes cluster. This policy is generally available - for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled - Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List + of labels\",\"description\":\"The list of labels to be specified on Pods in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Block + pod containers from sharing the host process ID namespace and host IPC namespace + in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS + 5.2.3 which are intended to improve the security of your Kubernetes environments. + This policy is generally available for Kubernetes Service (AKS), and preview + for AKS Engine and Azure Arc enabled Kubernetes. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10128,8 +11727,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time in days that a key can be valid within your key vault.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Key @@ -10141,11 +11742,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"greater\":\"[addDays(field('Microsoft.KeyVault.Data/vaults/keys/attributes.createdOn'), parameters('maximumValidityInDays'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"49a22571-d204-4c91-a7b6-09b1a586fbc9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed AppArmor profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10153,11 +11755,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed AppArmor profiles\",\"description\":\"The list of AppArmor profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed module authors for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide allowed module authors in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit @@ -10168,11 +11772,12 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"allowedModuleAuthors\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Allowed module authors\",\"description\":\"List of allowed module authors.\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"allowedModuleAuthors\",\"value\":\"[parameters('allowedModuleAuthors')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53c70b02-63dd-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers do not use forbidden sysctl interfaces in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10180,11 +11785,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden sysctls\",\"description\":\"The list of plain sysctl names or sysctl patterns which end with *. The string * matches all sysctls. For more information, visit https://aka.ms/k8s-policy-sysctl-interfaces.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed registries for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, @@ -10278,11 +11885,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"RSA\",\"RSA-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keySize\",\"less\":\"[parameters('minimumRSAKeySize')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82067dbb-e53b-4e06-b631-546d197452d9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls pod access to the host network and the allowable host port - range in a Kubernetes cluster. This policy is generally available for Kubernetes - Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. - For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + pod access to the host network and the allowable host port range in a Kubernetes + cluster. This recommendation is part of CIS 5.2.4 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10290,14 +11898,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow host network usage\",\"description\":\"Set this value to true if pod is allowed to use host network otherwise false.\"},\"defaultValue\":false},\"minPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Min host port\",\"description\":\"The minimum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0},\"maxPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Max host port\",\"description\":\"The maximum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such @@ -10307,25 +11917,29 @@ interactions: certificate authorities supported by Azure Key Vault.\"},\"allowedValues\":[\"DigiCert\",\"GlobalSign\"],\"defaultValue\":[\"DigiCert\",\"GlobalSign\"]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' - turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Do - not allow privileged containers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow privileged containers creation in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster should not allow privileged containers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow privileged containers creation in a Kubernetes cluster. This recommendation + is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes + environments. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed seccomp profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed seccomp profiles in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10333,13 +11947,17 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed seccomp profiles\",\"description\":\"The list of seccomp profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: - Secrets should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"It - is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: + Key Vault secrets should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Secrets + should have a defined expiration date and not be permanent. Secrets that are + valid forever provide a potential attacker with more time to compromise them. + It is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' @@ -10347,16 +11965,19 @@ interactions: Kubernetes clusters should not use the default namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. - For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified non-integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the custom or internal @@ -10370,19 +11991,21 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\"notContains\":\"[parameters('caCommonName')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a22f4a40-01d3-4c7d-8071-da157eeff341\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should not use specific security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent specific security capabilities in Kubernetes clusters to prevent ungranted - privileges on the Pod resource. For instructions on using this policy, please - visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Blocked - capabilities\",\"description\":\"List of capabilities that containers are - not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Blocked capabilities\",\"description\":\"List of capabilities that containers + are not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure CPU and memory resource limits defined on containers in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. This policy is deprecated, please visit @@ -10413,10 +12036,10 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to - exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fd3e59-6390-4f2b-8247-ea676bd03e2d\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates using elliptic curve cryptography should have allowed curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage the allowed elliptic curve names for ECC Certificates stored in key vault. @@ -10427,11 +12050,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd78111f-4953-4367-9fd5-7e08808b54bf\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed capabilities in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + the capabilities to reduce the attack surface of containers in a Kubernetes + cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are + intended to improve the security of your Kubernetes environments. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10439,12 +12063,14 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed capabilities\",\"description\":\"The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.\"},\"defaultValue\":[]},\"requiredDropCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Required drop capabilities\",\"description\":\"The list of capabilities that must be dropped by a container.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Specify the number of days that a key should be active. Keys that are used for an extended period of time increase the probability that an attacker could compromise @@ -10472,12 +12098,43 @@ interactions: Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"Kubernetes service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers run with a read only root file system in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"[Preview]: + Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"To + reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux + capabilities. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"CAP_SYS_ADMIN\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d2e7ea85-6b44-4317-a0be-1b951587f626\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should only use allowed external IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes + cluster. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from + policy evaluation. Providing a value for this parameter is optional.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + inclusions\",\"description\":\"List of Kubernetes namespaces to only include + in policy evaluation. An empty list means the policy is applied to all resources + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedExternalIPs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + External IPs\",\"description\":\"List of External IPs that services are allowed + to use. Empty array means all external IPs are disallowed.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedExternalIPs\":\"[parameters('allowedExternalIPs')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d46c275d-1680-448d-b2ec-e495a3b6cc89\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d46c275d-1680-448d-b2ec-e495a3b6cc89\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Run + containers with a read only root file system to protect from changes at run-time + with malicious binaries being added to PATH in a Kubernetes cluster. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10485,13 +12142,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods and containers only use allowed SELinux options in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + and containers should only use allowed SELinux options in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10499,29 +12159,33 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed SELinux options\",\"description\":\"The allowed configurations for pod and container level SELinux Options. Provide empty options list as input to block - everything.\",\"schema\":{\"type\":\"object\",\"properties\":{\"options\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"level\":{\"type\":\"string\"},\"role\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"},\"user\":{\"type\":\"string\"}},\"additionalProperties\":false}}},\"required\":[\"options\"],\"additionalProperties\":false}},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Ensure - container CPU and memory resource limits do not exceed the specified limits - in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures container CPU and memory resource limits are defined and do - not exceed the specified limits in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed CPU units\",\"description\":\"The maximum CPU units allowed for a - container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed memory bytes\",\"description\":\"The maximum memory bytes allowed - for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + everything.\"},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers CPU and memory resource limits should not exceed the specified + limits\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Enforce + container CPU and memory resource limits to prevent resource exhaustion attacks + in a Kubernetes cluster. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed CPU units\",\"description\":\"The maximum CPU units allowed for a + container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed memory bytes\",\"description\":\"The maximum memory bytes allowed + for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: Secrets should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"If your secrets were created with an activation date set in the future, you must ensure that your secrets have not been active for longer than the specified @@ -10534,12 +12198,13 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/secrets\"},{\"value\":\"[utcNow()]\",\"greater\":\"[addDays(if(empty(field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.createdOn'), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), parameters('maximumValidityInDays'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d99835-8a06-45ae-a8e0-87a91941ccfe\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls the user, primary group, supplemental group and file system - group IDs that pods and containers can use to run in a Kubernetes Cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Control + the user, primary group, supplemental group and file system group IDs that + pods and containers can use to run in a Kubernetes Cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10547,29 +12212,32 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as user rule\",\"description\":\"The 'RunAsUser' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MustRunAsNonRoot\",\"RunAsAny\"],\"defaultValue\":\"MustRunAsNonRoot\"},\"runAsUserRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed user ID ranges\",\"description\":\"The user ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as group rule\",\"description\":\"The 'RunAsGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"runAsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed group ID ranges\",\"description\":\"The group ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental group rule\",\"description\":\"The 'SupplementalGroups' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"supplementalGroupsRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed supplemental group ID ranges\",\"description\":\"The supplemental group ID - ranges that are allowed for containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File + ranges that are allowed for containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File system group rule\",\"description\":\"The 'FSGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"fsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed file system group ID ranges\",\"description\":\"The file system group ranges - that are allowed for pods to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"},\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod FlexVolume volumes only use allowed drivers in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + that are allowed for pods to use.\"},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10577,10 +12245,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed FlexVolume drivers\",\"description\":\"The list of drivers that FlexVolume volumes are allowed to use. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should not expire within the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Key @@ -10591,11 +12261,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\"lessOrEquals\":\"[addDays(utcNow(), parameters('daysToExpire'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f772fb64-8e40-40ad-87bc-7706e1949427\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed ProcMountType in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed ProcMountTypes in a Kubernetes cluster. This + recommendation is part of Pod Security Policies which are intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -10603,25 +12274,29 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The ProcMountType that containers are allowed to use in the cluster.\"},\"allowedValues\":[\"Unmasked\",\"Default\"],\"defaultValue\":\"Default\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Ensure - only allowed container images in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures only allowed container images are running in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed - container images regex\",\"description\":\"The RegEx rule used to match allowed - container images in a Kubernetes cluster. For example, to allow any Azure - Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed images\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + images from trusted registries to reduce the Kubernetes cluster's exposure + risk to unknown vulnerabilities, security issues and malicious images. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed + container images regex\",\"description\":\"The RegEx rule used to match allowed + container images in a Kubernetes cluster. For example, to allow any Azure + Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"imageRegex\":\"[parameters('allowedContainerImagesRegex')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: Keys using elliptic curve cryptography should have the specified curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Keys backed by elliptic curve cryptography can have different curve names. Some applications are only compatible with specific elliptic curve keys. Enforce @@ -10631,17 +12306,17 @@ interactions: names for elliptic curve cryptography certificates.\"},\"allowedValues\":[\"P-256\",\"P-256K\",\"P-384\",\"P-521\"],\"defaultValue\":[\"P-256\",\"P-256K\",\"P-384\",\"P-521\"]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' - turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff25f3c8-b739-4538-9d07-3d6d25cfb255\"},{\"properties\":{\"displayName\":\"test_policy000004_new\",\"policyType\":\"Custom\",\"mode\":\"Indexed\",\"description\":\"desc_for_test_policy_123_new\",\"metadata\":{\"category\":\"test2\",\"createdBy\":\"5310aa29-9a44-4cbc-adb3-6347a539537e\",\"createdOn\":\"2020-12-17T19:15:45.5718334Z\",\"updatedBy\":\"5310aa29-9a44-4cbc-adb3-6347a539537e\",\"updatedOn\":\"2020-12-17T19:15:47.3012012Z\"},\"parameters\":{\"allowedLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff25f3c8-b739-4538-9d07-3d6d25cfb255\"},{\"properties\":{\"displayName\":\"test_policy000004_new\",\"policyType\":\"Custom\",\"mode\":\"Indexed\",\"description\":\"desc_for_test_policy_123_new\",\"metadata\":{\"category\":\"test2\",\"createdBy\":\"9ac534f1-d577-4034-a32d-48de400dacbf\",\"createdOn\":\"2021-03-22T07:12:50.8714322Z\",\"updatedBy\":\"9ac534f1-d577-4034-a32d-48de400dacbf\",\"updatedOn\":\"2021-03-22T07:12:52.3927893Z\"},\"parameters\":{\"allowedLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed locations 2\"}}},\"policyRule\":{\"if\":{\"not\":{\"field\":\"location\",\"in\":\"[parameters('allowedLocations')]\"}},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"azure-cli-test-policy000003\"}]}" headers: cache-control: - no-cache content-length: - - '2498848' + - '2921252' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:48 GMT + - Mon, 22 Mar 2021 07:12:53 GMT expires: - '-1' pragma: @@ -10671,15 +12346,15 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:47.3012012Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:52.3927893Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: cache-control: @@ -10689,7 +12364,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:51 GMT + - Mon, 22 Mar 2021 07:12:55 GMT expires: - '-1' pragma: @@ -10719,15 +12394,15 @@ interactions: ParameterSetName: - --policy -n --display-name --params --scope --enforcement-mode User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:47.3012012Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:52.3927893Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: cache-control: @@ -10737,7 +12412,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:51 GMT + - Mon, 22 Mar 2021 07:12:55 GMT expires: - '-1' pragma: @@ -10775,15 +12450,15 @@ interactions: ParameterSetName: - --policy -n --display-name --params --scope --enforcement-mode User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-09-01 response: body: - string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:52.0927721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}' + string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:56.8592164Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}' headers: cache-control: - no-cache @@ -10792,7 +12467,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:51 GMT + - Mon, 22 Mar 2021 07:12:55 GMT expires: - '-1' pragma: @@ -10820,15 +12495,15 @@ interactions: ParameterSetName: - --scope User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments?$filter=atScope()&api-version=2019-09-01 response: body: - string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:52.0927721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}]}' + string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:56.8592164Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}]}' headers: cache-control: - no-cache @@ -10837,7 +12512,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:52 GMT + - Mon, 22 Mar 2021 07:12:57 GMT expires: - '-1' pragma: @@ -10869,15 +12544,15 @@ interactions: ParameterSetName: - -n --scope User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-09-01 response: body: - string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:52.0927721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}' + string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:56.8592164Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}' headers: cache-control: - no-cache @@ -10886,7 +12561,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:52 GMT + - Mon, 22 Mar 2021 07:12:57 GMT expires: - '-1' pragma: @@ -10918,24 +12593,39 @@ interactions: ParameterSetName: - --disable-scope-strict-match User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01 response: body: - string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T18:56:35.125629Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T18:57:06.5202849Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","type":"Microsoft.Authorization/policyAssignments","name":"location-lock"}]}' + string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deny-nsg-rule-internet-inbound","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/deny-nsg-rule-internet-inbound","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"The + policy block deployment of domain service, I deleted the policy in my resource + group, and found that will apply to the whole subscription. Assign the policy + again.","metadata":{"assignedBy":"jiasli@microsoft.com","parameterScopes":{},"createdBy":"97233d81-8d2d-4e63-8bd2-ae5707805489","createdOn":"2020-03-04T10:07:29.1757898Z","updatedBy":"f0f844e0-d2fe-4aa3-8e2c-2e429618f305","updatedOn":"2020-09-11T07:45:35.593868Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/36e07b214d59455886a2b76b","type":"Microsoft.Authorization/policyAssignments","name":"36e07b214d59455886a2b76b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deny-nsg-internet-inbound","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/deny-nsg-internet-inbound","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"The + policy block deployment of domain service, I deleted it from my resource group + and found that it applied to the the whole subscription.\nRe assign the policy.","metadata":{"assignedBy":"jiasli@microsoft.com","parameterScopes":{},"createdBy":"97233d81-8d2d-4e63-8bd2-ae5707805489","createdOn":"2020-03-04T10:06:22.2583329Z","updatedBy":"f0f844e0-d2fe-4aa3-8e2c-2e429618f305","updatedOn":"2020-09-11T07:45:42.2359171Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/5b5ec388a1b6480391640d13","type":"Microsoft.Authorization/policyAssignments","name":"5b5ec388a1b6480391640d13"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deny_load_balancer_rules_and_inbound_nat_rules","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bfedda4d-ba65-4ba3-9df1-9eb8a13a0f09","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_azure-sample-node06b5c4550e194ae5ac_nodejs-sample06b5c4550e194ae5acdev_eastus","/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/xichengroup"],"parameters":{},"description":"","metadata":{"assignedBy":"xiaojxu@microsoft.com + ","parameterScopes":{},"createdBy":"b5ed59e8-f00d-4396-af62-8297e36d8b52","createdOn":"2020-04-16T10:28:45.5317863Z","updatedBy":"f0f844e0-d2fe-4aa3-8e2c-2e429618f305","updatedOn":"2020-09-11T07:45:55.4578065Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/5d00856604b74b80927cca6e","type":"Microsoft.Authorization/policyAssignments","name":"5d00856604b74b80927cca6e"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deny-nic-no-nsg","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/deny-nic-no-nsg","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/wls-admin"],"parameters":{},"description":"The + policy block deployment of domain service, I deleted the policy in my resource + group, and found that will apply to the whole subscription. \nAssign the policy + again.","metadata":{"assignedBy":"jiasli@microsoft.com ","parameterScopes":{},"createdBy":"97233d81-8d2d-4e63-8bd2-ae5707805489","createdOn":"2020-03-04T10:04:31.0026973Z","updatedBy":"f0f844e0-d2fe-4aa3-8e2c-2e429618f305","updatedOn":"2020-09-11T07:46:03.3893374Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8805e4466db647d1beda40e2","type":"Microsoft.Authorization/policyAssignments","name":"8805e4466db647d1beda40e2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ASC + DataProtection (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"This + policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security + Center","createdBy":"2f8a138f-0955-44e1-9124-c386dfaecad4","createdOn":"2019-11-25T02:19:57.9086573Z","updatedBy":"f0f844e0-d2fe-4aa3-8e2c-2e429618f305","updatedOn":"2020-09-11T07:46:19.7881156Z","parameterScopes":{}},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"30601973-dcd6-4c4e-85e8-dc6e057238fa","tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/DataProtectionSecurityCenter","type":"Microsoft.Authorization/policyAssignments","name":"DataProtectionSecurityCenter","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ASC + Default (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"azurePolicyAddonStatusEffect":{"value":"Audit"},"allowedContainerImagesInKubernetesClusterEffect":{"value":"audit"},"privilegedContainersShouldBeAvoidedEffect":{"value":"audit"},"allowedContainerPortsInKubernetesClusterEffect":{"value":"audit"},"allowedServicePortsInKubernetesClusterEffect":{"value":"audit"},"noPrivilegeEscalationInKubernetesClusterEffect":{"value":"audit"},"noSharingSensitiveHostNamespacesInKubernetesEffect":{"value":"audit"},"readOnlyRootFileSystemInKubernetesClusterEffect":{"value":"audit"},"allowedCapabilitiesInKubernetesClusterEffect":{"value":"audit"},"allowedAppArmorProfilesInKubernetesClusterEffect":{"value":"audit"},"allowedHostNetworkingAndPortsInKubernetesClusterEffect":{"value":"audit"},"allowedHostPathVolumesInKubernetesClusterEffect":{"value":"audit"},"memoryAndCPULimitsInKubernetesClusterEffect":{"value":"audit"},"mustRunAsNonRootNamespaceEffect":{"value":"audit"}},"description":"This + policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security + Center","createdBy":null,"createdOn":null,"updatedBy":"2f8a138f-0955-44e1-9124-c386dfaecad4","updatedOn":"2020-09-21T16:12:54.2700629Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"}]}' headers: cache-control: - no-cache content-length: - - '686' + - '10449' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:52 GMT + - Mon, 22 Mar 2021 07:12:58 GMT expires: - '-1' pragma: @@ -10967,15 +12657,15 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:15:45.5718334Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:15:47.3012012Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:12:50.8714322Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T07:12:52.3927893Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: cache-control: @@ -10985,7 +12675,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:15:53 GMT + - Mon, 22 Mar 2021 07:12:58 GMT expires: - '-1' pragma: @@ -11017,8 +12707,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -11041,11 +12731,28 @@ interactions: Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Vulnerability + assessment should be enabled on your Synapse workspaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Discover, + track, and remediate potential vulnerabilities by configuring recurring SQL + vulnerability assessment scans on your Synapse workspaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0049a6b3-a662-4f3e-8635-39cf44ace45a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"Azure + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"SQL + Server Integration Services integration runtimes on Azure Data Factory should + be joined to a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security and isolation for your + SQL Server Integration Services integration runtimes on Azure Data Factory, + as well as subnets, access control policies, and other features to further + restrict access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.vnetProperties.vnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0088bc63-6dee-4a9c-9d29-91cfdc848952\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Batch accounts without a need for public IP addresses at the source or + destination. Learn more about private endpoints in Batch at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"009a0c92-f5b4-4776-9b66-4ed2b4775563\"},{\"properties\":{\"displayName\":\"Azure Backup should be enabled for Virtual Machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -11112,7 +12819,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03b78f5e-4877-4303-b0f4-eb6583f25768\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1361 - Incident Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Azure + Kubernetes Service Private Clusters should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + the private cluster feature for your Azure Kubernetes Service cluster to ensure + network traffic between your API server and your node pools remains on the + private network only. This is a common requirement in many regulatory and + industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"field\":\"Microsoft.ContainerService/managedClusters/apiServerAccessProfile.enablePrivateCluster\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"040732e8-d947-40b8-95d6-854c95024bf8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1594 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"},{\"properties\":{\"displayName\":\"Audit @@ -11135,10 +12848,11 @@ interactions: when deploying Azure Cosmos DB resources.\",\"strongType\":\"location\"}},\"policyEffect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/Locations[*]\",\"where\":{\"value\":\"[replace(toLower(first(field('Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName'))), ' ', '')]\",\"in\":\"[parameters('listOfAllowedLocations')]\"}},\"notEquals\":\"[length(field('Microsoft.DocumentDB/databaseAccounts/Locations[*]'))]\"}]},\"then\":{\"effect\":\"[parameters('policyEffect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0473574d-2d43-4217-aefe-941fcdf7e684\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0473574d-2d43-4217-aefe-941fcdf7e684\"},{\"properties\":{\"displayName\":\"SQL - Managed Instance TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency - and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + managed instances should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides you with increased + transparency and control over the TDE Protector, increased security with an + HSM-backed external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"048248b0-55cd-46da-b1ff-39efd52db260\"},{\"properties\":{\"displayName\":\"[Preview]: Network traffic data collection agent should be installed on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Security @@ -11175,11 +12889,11 @@ interactions: Managed Control 1572 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"},{\"properties\":{\"displayName\":\"Azure - API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + API for FHIR should use a customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer - of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API for FHIR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HealthcareApis/services\"},{\"field\":\"Microsoft.HealthcareApis/services/cosmosDbConfiguration.keyVaultKeyUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"051cba44-2429-45b9-9649-46cec11c7119\"},{\"properties\":{\"displayName\":\"Deploy Log Analytics agent for Linux VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy @@ -11198,9 +12912,14 @@ interactions: Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Azure Front Door Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Application Firewall (WAF) should be enabled for Azure Front Door Service + service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/frontdoors\"},{\"field\":\"Microsoft.Network/frontdoors/frontendEndpoints[*].webApplicationFirewallPolicyLink.id\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"055aa869-bc98-4af8-bafc-23f1ab6ffe2c\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity @@ -11213,15 +12932,15 @@ interactions: that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Data Lake Store should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -11241,7 +12960,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063b540e-4bdc-4e7a-a569-3a42ddf22098\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1688 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + access the private endpoint(s) for Storage Sync Service resource interfaces + from a registered server, you need to configure your DNS to resolve the correct + names to your private endpoint's private IP addresses. This policy creates + the requisite Azure Private DNS Zone and A records for the interfaces of your + Storage Sync Service private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"Private + DNS Zone Identifier\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"afs\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f\",\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-afs\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"06695360-db88-47f6-b976-7500d4297475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"068260be-a5e6-4b0a-a430-cd27071c226a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11259,7 +12987,7 @@ interactions: network access should be disabled for Cognitive Services accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only - connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0725b4dd-7e76-479c-a735-68e7ee23d5ca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated @@ -11271,16 +12999,16 @@ interactions: app. Allow only required domains to interact with your Function app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed. The list of OS images will be updated over - time as support is updated.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled @@ -11315,18 +13043,18 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Search/searchServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08ba64b8-738f-4918-9686-730d2ed79c7d\"},{\"properties\":{\"displayName\":\"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential - attack surface\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security + attack surface\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There should be more than one owner assigned to your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate more than one subscription owner in order to have - administrator access redundancy.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + administrator access redundancy.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1159 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0925f098-7877-450b-8ba4-d1e55f2d8795\"},{\"properties\":{\"displayName\":\"Disk @@ -11376,13 +13104,13 @@ interactions: to Azure Database for MariaDB. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"[Preview]: - Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"Azure + Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements - and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft + and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a2ee16e-ab1f-414a-800b-d1608835862b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11393,7 +13121,7 @@ interactions: implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"},{\"properties\":{\"displayName\":\"Audit resource location matches resource group location\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - that the resource location matches its resource group location\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"location\",\"notIn\":[\"[resourcegroup().location]\",\"global\"]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: + that the resource location matches its resource group location\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[resourcegroup().location]\"},{\"field\":\"location\",\"notEquals\":\"global\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -11409,7 +13137,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\"}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your containers with greater flexibility using customer-managed keys. When + you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.vaultBaseUrl\",\"exists\":false},{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.keyName\",\"exists\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0aa61e00-0a01-4a3c-9945-e93cffedf0e6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0abbac52-57cf-450d-8408-1208d0dd9e90\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11417,25 +13153,24 @@ interactions: Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0afce0b3-dd9f-42bb-af28-1e4284ba8311\"},{\"properties\":{\"displayName\":\"Email - notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the subscription owner, in order to have them - receive security alert emails from Microsoft. This ensures that they are aware - of any potential security issues and can mitigate the risk in a timely fashion\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"not\":{\"allOf\":[{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"equals\":\"Off\"},{\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\"equals\":\"High\"}]}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b291ee8-3140-4cad-beb7-568c077c78ce\"},{\"properties\":{\"displayName\":\"Key - vault should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + vaults should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious deletion of a key vault can lead to permanent data loss. A malicious insider - in your organization may potentially be able to gain access to delete and - purge key vaults. Purge protection protects you from insider attacks by enforcing - a mandatory retention period for soft deleted key vaults. No one inside your - organization or Microsoft will be able to purge your key vaults during the - soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key + in your organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -11465,15 +13200,29 @@ interactions: certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Automation Accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Automation accounts without a need for public IP addresses at the source + or destination. Learn more about private endpoints in Azure Automation at + https://docs.microsoft.com/azure/automation/how-to/private-link-security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c2b3618-68a8-4034-a150-ff4abc873462\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c2b3618-68a8-4034-a150-ff4abc873462\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1496 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"},{\"properties\":{\"displayName\":\"SQL - server TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency + servers should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Microsoft + external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Private + endpoint should be enabled for IoT Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections enforce secure communication by enabling private connectivity + to IoT Hub. Configure a private endpoint connection to enable access to traffic + coming only from known networks and prevent access from all other IP addresses, + including within Azure.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d40b058-9f95-4a19-93e3-9b0330baa2a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d40b058-9f95-4a19-93e3-9b0330baa2a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1518 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11493,9 +13242,9 @@ interactions: visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDefenderExploitGuard\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy a flow log resource with target network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configures flow log for specific network security group. It will allow to log information about IP traffic flowing through an network security group. Flow log helps @@ -11532,7 +13281,13 @@ interactions: Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Authorized + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure File Sync to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Azure File Sync's internet-accessible public endpoint are disabled by your + organizational policy. You may still access the Storage Sync Service via its + private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"Audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"value\":\"AllowVirtualNetworksOnly\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0e07b2e9-6cd9-4c40-9ccb-52817b95133b\"},{\"properties\":{\"displayName\":\"Authorized IP ranges should be defined on Kubernetes Services\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized @@ -11569,7 +13324,15 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ecd903d-91e7-4726-83d3-a229d7f2e293\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"[Preview]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"Configure + Batch accounts with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Batch + accounts, you can reduce data leakage risks. Learn more about private links + at: https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"equals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"batchAccount\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ef5aac7-c064-427a-b87b-d47b3ddcaf73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ef5aac7-c064-427a-b87b-d47b3ddcaf73\"},{\"properties\":{\"displayName\":\"[Preview]: Audit Azure Spring Cloud instances where distributed tracing is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Distributed tracing tools in Azure Spring Cloud allow debugging and monitoring the complex interconnections between microservices in an application. Distributed tracing @@ -11593,7 +13356,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"CORS + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Container registries\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that container registries + are not exposed on the public internet. Creating private endpoints can limit + exposure of container registry resources. Learn more at: https://aka.ms/acr/portal/public-network + and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fdf0491-d080-4575-b627-ad0e843cba0f\"},{\"properties\":{\"displayName\":\"CORS should not allow every domain to access your API for FHIR\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly @@ -11641,21 +13411,29 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11158848-f679-4e9b-aa7b-9fb07d945071\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1432 - Media Storage\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Cognitive + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure IoT Hubs to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint. This policy disables + public network access on IoT Hub resources.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/114eec6e-5e59-4bad-999d-6eceeb39d582\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"114eec6e-5e59-4bad-999d-6eceeb39d582\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should use customer owned storage or enable data encryption.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed. The list of OS images is updated + over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - System settings'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - System settings' for certificate rules on executables for SRP and @@ -11728,9 +13506,9 @@ interactions: Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow - in adaptive application control policies.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + in adaptive application control policies.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web Application Firewall (WAF) should use the specified mode for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Mandates the use of 'Detection' or 'Prevention' mode to be active on all Web Application Firewall policies for Application Gateway.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -11738,7 +13516,13 @@ interactions: Requirement\",\"description\":\"Mode required for all WAF policies\"},\"allowedValues\":[\"Prevention\",\"Detection\"],\"defaultValue\":\"Detection\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies\"},{\"field\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode\",\"notEquals\":\"[parameters('modeRequirement')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12430be1-6cc8-4527-a9a8-e3d38f250096\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use Key Vault for storing secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure secrets (such as connection strings) are managed securely, require + users to provide secrets using an Azure Key Vault instead of specifying them + inline in linked services.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"exists\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"PWD=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"Password=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"CredString=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"pwd=\"}]}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"exists\":\"false\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSearch.typeProperties.key.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/CosmosDb.typeProperties.accountKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.encryptedCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.mwsAuthToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.secretKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonS3.typeProperties.secretAccessKey.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential.type\",\"equals\":\"SecureString\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken.type\",\"equals\":\"SecureString\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Odbc.typeProperties.credential.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleAdWords.typeProperties.developerToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.clientSecret.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.refreshToken.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"MongoDbAtlas\",\"MongoDbV2\"]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCert.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCertPassword.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.privateKeyContent.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.passPhrase.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Salesforce.typeProperties.securityToken.type\",\"equals\":\"SecureString\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"127ef6d7-242f-43b3-9eef-947faf1725d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1240 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"129eb39f-d79a-4503-84cd-92f036b5e429\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -11792,7 +13576,18 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1184 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"[Preview]: + Configure machines to receive the Qualys vulnerability assessment agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Defender includes vulnerability scanning for your machines at no extra cost. + You don't need a Qualys license or even a Qualys account - everything's handled + seamlessly inside Security Center. Machines which don't have the Qualys vulnerability + assessment agent deployed automatically receive the agent if this policy is + enabled.\",\"metadata\":{\"category\":\"Security Center\",\"preview\":true,\"version\":\"2.0.0-preview\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]},\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"template\":{\"contentVersion\":\"1.0.0.0\",\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"parameters\":{\"vmName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.compute/virtualmachines'))]\",\"type\":\"Microsoft.Compute/virtualMachines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"},{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.hybridcompute/machines'))]\",\"type\":\"Microsoft.HybridCompute/machines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"}]},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}}}},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13ce0167-8ca6-4048-8e6b-f996402e3c1b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1085 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11857,7 +13652,38 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;MembersToExclude\",\"value\":\"[parameters('MembersToExclude')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityWindowsAgent\":\"[concat('deployAzureSecurityWindowsAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityWindowsAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityWindowsAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1537496a-b1e8-482b-a06a-1cc2415cdc7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"15495367-cf68-464c-bbc3-f53ca5227b7a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11920,7 +13746,15 @@ interactions: '-', uniqueString(parameters('targetManagedApplicationId')))]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"associatedResourceName\":{\"type\":\"string\"},\"resourceTypesToAssociate\":{\"type\":\"string\"},\"targetManagedApplicationId\":{\"type\":\"string\"},\"associationNamePrefix\":{\"type\":\"string\"}},\"variables\":{\"resourceType\":\"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\"resourceName\":\"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2017-05-10\",\"name\":\"[concat(deployment().Name, - '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"Transparent + '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"[ASC + Private Preview] Deploy - Configure system-assigned managed identity to enable + Azure Monitor assignments on VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"[ASC + Private Preview] Configure system-assigned managed identity to virtual machines + hosted in Azure that are supported by Azure Monitor that do not have a system-assigned + managed identity. A system-assigned managed identity is a prerequisite for + all Azure Monitor assignments and must be added to machines before using any + Azure Monitor extension. Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.2.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"value\":\"[requestContext().apiVersion]\",\"greaterOrEquals\":\"2018-10-01\"},{\"field\":\"identity.type\",\"notContains\":\"SystemAssigned\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"identity.type\",\"value\":\"[if(contains(field('identity.type'), + 'UserAssigned'), concat(field('identity.type'), ',SystemAssigned'), 'SystemAssigned')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17b3de92-f710-4cf4-aa55-0e7859f1ed7b\"},{\"properties\":{\"displayName\":\"Transparent Data Encryption on SQL databases should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -11931,14 +13765,13 @@ interactions: Managed Control 1480 - Temperature And Humidity Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18a767cc-1947-4338-a240-bc058c81164f\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - PostgreSQL database servers enables implementing a separation of duties in - the management of keys and data. When you configure a customer-managed key, - the key is used to protect and control access to the key that encrypts your - data. You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18adea5e-f416-4d0f-8aa8-d24321e3e274\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1369 - Incident Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -11974,7 +13807,13 @@ interactions: your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Vulnerability + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Azure + Event Grid topics should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1adadefe-5f21-44f7-b931-a59b54ccdb45\"},{\"properties\":{\"displayName\":\"Vulnerability assessment should be enabled on SQL Managed Instance\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -11983,7 +13822,8 @@ interactions: network access on Azure SQL Database should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration - denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure + denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for API @@ -11993,13 +13833,21 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machines if the VM Image (OS) is in the - list defined and the agent is not installed. The list of OS images will be - updated over time as support is updated.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Azure + Service Bus namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Service Bus namespaces, + data leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c06e275-d63d-4540-b761-71f364c2111d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c06e275-d63d-4540-b761-71f364c2111d\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Dependency agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c210e94-a481-4beb-95fa-1571b434fb04\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -12008,49 +13856,61 @@ interactions: Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Public + network access on Azure Data Factory should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + Data Factory can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Azure + File Sync should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Creating + a private endpoint for the indicated Storage Sync Service resource allows + you to address your Storage Sync Service resource from within the private + IP address space of your organization's network, rather than through the internet-accessible + public endpoint. Creating a private endpoint by itself does not disable the + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d320205-c6a1-4ac6-873d-46224024e8e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d320205-c6a1-4ac6-873d-46224024e8e2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"Deploy + GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth from the defined git repo. For - instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"preview\":true,\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Configuration resource name\",\"description\":\"The name for the sourceControlConfiguration. - \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator instance name\",\"description\":\"The name of the operator associated - with this configuration. The instance name can contain up to 353 lower-case - alphanumeric characters, hyphen, or period. If enableHelmOperator is true, - then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters - combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator namespace\",\"description\":\"The namespace to use for the configuration - operator. The namespace can contain up to 353 lower-case alphanumeric characters, - hyphen, or period. If enableHelmOperator is true, then operatorInstanceName - + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator scope\",\"description\":\"The permission scope for the operator. - Possible values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator type\",\"description\":\"The type of operator to install. Currently, - 'Flux' is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator parameters\",\"description\":\"Parameters to set on the Flux operator, - separated by spaces. For example, --git-readonly --git-path=namespaces,workloads. - \ Learn more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Repository Url\",\"description\":\"The URL for the source control repository. - Private repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Enable Helm\",\"description\":\"Indicate whether to enable Helm for this instance - of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart version for installing Flux Helm\",\"description\":\"The version - of the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"0.6.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart parameters for installing Flux Helm\",\"description\":\"Parameters - for the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"--git-readonly\",\"[parameters('operatorParams')]\",\"[concat('--git-readonly - ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(parameters('clusterResourceType'), - 'connectedclusters')]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(parameters('clusterResourceType'), - 'managedclusters')]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft + instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"The name of the operator associated with + this configuration. The instance name can contain up to 353 lower-case alphanumeric + characters, hyphen, or period. If enableHelmOperator is true, then operatorInstanceName + + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"The namespace to use for the configuration operator. + The namespace can contain up to 353 lower-case alphanumeric characters, hyphen, + or period. If enableHelmOperator is true, then operatorInstanceName + operatorNamespace + strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --git-path=namespaces,workloads. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Private + repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1538 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"},{\"properties\":{\"displayName\":\"Virtual @@ -12076,12 +13936,21 @@ interactions: a required tag and its value. Does not apply to resource groups.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Tags\"},\"parameters\":{\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"not\":{\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Key - vault should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting + parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Synapse + workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Target sub resource the private endpoint + connects to\"},\"allowedValues\":[\"Dev\",\"Sql\",\"SqlOnDemand\"],\"defaultValue\":\"Dev\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('targetSubResource')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"synapse-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\"},{\"properties\":{\"displayName\":\"Key + vaults should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault - can lead to permanent data loss. Soft delete allows you to recover an accidently - deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Key + can lead to permanent data loss. Soft delete allows you to recover an accidentally + deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\"},{\"properties\":{\"displayName\":\"Azure API for FHIR should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure @@ -12095,7 +13964,14 @@ interactions: to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be encrypted with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Create + Azure Monitor logs cluster with customer-managed keys encryption. By default, + the log data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance. Customer-managed + key in Azure Monitor gives you more control over the access to you data, see + https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"exists\":\"false\"}]},{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"exists\":\"false\"}]},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVersion\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f68a601-6e6d-4e42-babf-3f643a047ea2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f68a601-6e6d-4e42-babf-3f643a047ea2\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is @@ -12143,13 +14019,32 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f8c20ce-3414-4496-8b26-0e902a1541da\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB account should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - customer-managed keys to control the encryption at rest of the data stored - in Azure Cosmos DB when this is a regulatory or compliance requirement. Customer-managed - keys also deliver double encryption by adding a second layer of encryption - on top of the default one done with service-managed keys. See https://aka.ms/cosmosdb-cmk\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos + Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/cosmosdb-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Microsoft + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Logic + Apps Integration Service Environment should be encrypted with customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + into Integration Service Environment to manage encryption at rest of Logic + Apps data using customer-managed keys. By default, customer data is encrypted + with service-managed keys, but customer-managed keys are commonly required + to meet regulatory compliance standards. Customer-managed keys enable the + data to be encrypted with an Azure Key Vault key created and owned by you. + You have full control and responsibility for the key lifecycle, including + rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/integrationServiceEnvironments\"},{\"field\":\"Microsoft.Logic/integrationServiceEnvironments/encryptionConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption at host to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling + encryption at host helps protect and safeguard your data to meet your organizational + security and compliance commitments. When you enable encryption at host, data + stored on the VM host is encrypted at rest and flows encrypted to the Storage + service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2006457a-48b3-4f7b-8d2e-1532287f9929\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12166,13 +14061,30 @@ interactions: Image Builder templates should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used - instead which may expose resources directly to the internet and increase the + instead which may directly expose resources to the internet and increase the potential attack surface.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"VM Image Builder\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.VirtualMachineImages/imageTemplates\"},{\"field\":\"Microsoft.VirtualMachineImages/imageTemplates/vmProfile.vnetConfig\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2154edb9-244f-4741-9970-660785bccdaa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Azure File Sync\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public endpoint allows you to restrict access to your Storage Sync Service + resource to requests destined to approved private endpoints on your organization's + network. There is nothing inherently insecure about allowing requests to the + public endpoint, however, you may wish to disable it to meet regulatory, legal, + or organizational policy requirements. You can disable the public endpoint + for a Storage Sync Service by setting the incomingTrafficPolicy of the resource + to AllowVirtualNetworksOnly.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a8cd35-125e-4d13-b82d-2e19b7208bb7\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a9766a-82a5-4747-abb5-650b6dbba6d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a9766a-82a5-4747-abb5-650b6dbba6d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21de687c-f15e-4e51-bf8d-f35c8619965b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12212,9 +14124,9 @@ interactions: ports should be closed on your virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to - gain admin access to the machine.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + gain admin access to the machine.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1493 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"},{\"properties\":{\"displayName\":\"Only @@ -12269,7 +14181,13 @@ interactions: workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Automation account so that it isn't accessible + over the public internet. This configuration helps protect them against data + leakage risks. You can limit exposure of the your Automation account resources + by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Automation\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"value\":false}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1268 - Alternate Storage Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23f6e984-3053-4dfc-ab48-543b764781f5\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12319,9 +14237,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"},{\"properties\":{\"displayName\":\"Endpoint protection solution should be installed on virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the existence and health of an endpoint protection solution on your virtual - machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26d292cc-b0b8-4c29-9337-68abc758bf7b\"},{\"properties\":{\"displayName\":\"Metric @@ -12332,23 +14250,31 @@ interactions: name\",\"description\":\"The metric name that an alert rule must be enabled on\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/alertRules\",\"existenceScope\":\"Subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/alertRules/isEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\"equals\":\"[parameters('metricName')]\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\"equals\":\"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', - field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Enable - Automanage - Azure virtual machine best practices\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Automanage - enrolls, configures, and monitors virtual machines with Azure VM best practice - services. Use this policy to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage - account\",\"description\":\"Select Automanage account from dropdown list. - If this account is outside of the scope of the assignment you must manually - grant 'Contributor' permissions (or similar) on the account to the policy - assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Configure + virtual machines to be onboarded to Azure Automanage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Automanage enrolls, configures, and monitors virtual machines with best practice + as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy + to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage + account\",\"description\":\"The Automanage account is an Azure managed identity + under which virtual machine operations are performed. If this account is outside + of the scope of the assignment you must manually grant 'Contributor' permissions + (or similar) on the account to the policy assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration profile\",\"description\":\"The management services provided are based on whether the machine is intended to be used in a dev/test environment or production.\"},\"allowedValues\":[\"Azure virtual machine best practices \u2013 Production\",\"Azure virtual machine best practices \u2013 Dev/test\"],\"defaultValue\":\"Azure virtual machine - best practices \u2013 Production\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"westus2\",\"westcentralus\",\"westeurope\",\"canadacentral\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), + best practices \u2013 Production\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"eastus2\",\"westus\",\"westus2\",\"centralus\",\"southcentralus\",\"westcentralus\",\"northeurope\",\"westeurope\",\"canadacentral\",\"japaneast\",\"uksouth\",\"australiaeast\",\"australiasoutheast\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"15*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), '/Microsoft.Automanage/', 'default')]\",\"properties\":{\"configurationProfile\":\"[parameters('configurationProfileAssignment')]\",\"accountId\":\"[parameters('automanageAccount')]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/270610db-8c04-438a-a739-e8e6745b22d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"270610db-8c04-438a-a739-e8e6745b22d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1396 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Flow + logs should be enabled for every network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + for flow log resources to verify if flow log status is enabled. Enabling flow + logs allows to log information about IP traffic flowing through network security + group. It can be used for optimizing network flows, monitoring throughput, + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkWatchers/flowLogs\"},{\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27960feb-a23c-4577-8d36-ef8b5f35e0be\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27a69937-af92-4198-9b86-08d355c7e59a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12372,7 +14298,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"283a4e29-69d5-4c94-b99e-29acf003c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1436 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property shuts down public connectivity such that + Azure SQL Server can only be accessed from a private endpoint. This configuration + disables the public network access for all databases under the Azure SQL Server.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -12390,7 +14321,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"AppServices\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2913021d-f2fd-4f3d-b958-22354e2bdbcb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"Service + Bus Premium namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Service Bus supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Service Bus will use to encrypt data in your namespace. Note that Service + Bus only supports encryption with customer-managed keys for premium namespaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"},{\"not\":{\"field\":\"Microsoft.ServiceBus/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"295fc8b1-dc9f-4f53-9c61-3f313ceab40a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -12411,8 +14350,8 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"},{\"properties\":{\"displayName\":\"Storage accounts should restrict network access using virtual network rules\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Protect your storage accounts from potential threats using virtual network rules as - a preferred method to IP-based filtering. Disallowing IP-based filtering prevents - public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"},{\"count\":{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]\"},\"greaterOrEquals\":1}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -12443,14 +14382,22 @@ interactions: ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a7a701e-dff3-4da9-9ec5-42cb98594c0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1274 - Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Synapse + workspace auditing settings should have action groups configured to capture + critical activities\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure your audit logs are as thorough as possible, the AuditActionsAndGroups + property should include all the relevant groups. We recommend adding at least + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, + and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with + regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"FAILED_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"BATCH_COMPLETED_GROUP\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b18f286-371e-4b80-9887-04759970c0d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b18f286-371e-4b80-9887-04759970c0d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b909c26-162f-47ce-8e15-0c1f55632eac\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should enable data encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using data encryption. For each Cognitive Services account with storage, should enable data encryption @@ -12521,7 +14468,21 @@ interactions: auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Managed + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Public + network access on Azure IoT Hub should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure IoT Hub should use customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encryption + of data at rest in IoT Hub with customer-managed key adds a second layer of + encryption on top of the default service-managed keys, enables customer control + of keys, custom rotation policies, and ability to manage access to data through + key access control. Customer-managed keys must be configured during creation + of IoT Hub. For more information on how to configure customer-managed keys, + see https://aka.ms/iotcmk.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"lessOrEquals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\"},{\"properties\":{\"displayName\":\"Managed workspace virtual network on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling a managed workspace virtual network ensures that your workspace is network isolated from other workspaces. Data integration and Spark resources deployed @@ -12584,7 +14545,13 @@ interactions: Defender for Storage provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cache for Redis resource so that it's + not accessible over the public internet. This helps protect the cache against + data leakage risks.\",\"metadata\":{\"category\":\"Cache\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17\"],\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-06-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/30b3dfa5-a70d-4c8e-bed6-0083858f663d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"30b3dfa5-a70d-4c8e-bed6-0083858f663d\"},{\"properties\":{\"displayName\":\"Audit Windows machines missing any of specified members in the Administrators group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators @@ -12622,14 +14589,21 @@ interactions: Greater Risk\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"31b752c1-05a9-432a-8fce-c39b56550119\"},{\"properties\":{\"displayName\":\"[Preview]: - Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"Microsoft + Log Analytics Agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Windows OS to + add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Linux OS to add + to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"API + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of an API app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/324c7761-08db-4474-9661-d1039abc92ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"324c7761-08db-4474-9661-d1039abc92ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1587 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32820956-9c6d-4376-934c-05cd8525be7c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12744,7 +14718,12 @@ interactions: '/AzurePolicyforLinux')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforLinux\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3470477a-b35a-49db-aca5-1073d04524fe\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1151 - System Interconnections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Azure + Synapse workspaces should allow outbound data traffic only to approved targets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Increase + security of your Synapse workspace by allowing outbound data traffic only + to approved targets. This helps prevention against data exfiltration by validating + the target before sending data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"field\":\"Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.preventDataExfiltration\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3484ce98-c0c5-4c83-994b-c5ac24785218\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3492d949-0dbb-4589-88b3-7b59601cc764\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12757,22 +14736,22 @@ interactions: accounts should restrict network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To - allow connections from specific internet or on-premise clients, access can + allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet - IP address ranges\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + IP address ranges\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34c877ad-507e-4c82-993e-3452a6e0ad3c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Resource logs in Logic Apps should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Logic + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Logic Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1210 - Configuration Settings\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3502c968-c490-4570-8167-1476f955e9b8\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -12991,7 +14970,7 @@ interactions: implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36b0ef30-366f-4b1b-8652-a3511df11f53\"},{\"properties\":{\"displayName\":\"Deploy Threat Detection on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This - policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), + policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), '/Default')]\",\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"emailAccountAdmins\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -13051,7 +15030,24 @@ interactions: servers;ExpectedValue\",\"value\":\"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid topics to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36ea4b4b-0f7f-4a54-89fa-ab18f555a172\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/domains/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"domain\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36f4658a-848a-467b-881c-e6fa20cf75fc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36f4658a-848a-467b-881c-e6fa20cf75fc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -13083,15 +15079,15 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.Storage/StorageAccounts\"]},{\"value\":\"[field('type')]\",\"equals\":\"Microsoft.ClassicStorage/storageAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Resource logs in IoT Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Internet + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Internet of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Windows Guest Configuration extension to Windows virtual @@ -13182,7 +15178,16 @@ interactions: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3abeb944-26af-43ee-b83d-32aaf060fb94\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1548 - Vulnerability Scanning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Azure + Synapse workspaces, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-with-private-links.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Dev\"],\"requestMessage\":\"Auto + approved by policy assignment\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b3b0c27-08d2-4b32-879d-19930bee3266\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b3b0c27-08d2-4b32-879d-19930bee3266\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13194,14 +15199,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"operationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operation Name\",\"description\":\"Security Operation name for which activity log alert should exist\"},\"allowedValues\":[\"Microsoft.Security/policies/write\",\"Microsoft.Security/securitySolutions/write\",\"Microsoft.Security/securitySolutions/delete\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/ActivityLogAlerts\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/enabled\",\"equals\":\"true\"},{\"count\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"Security\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"[parameters('operationName')]\"}]}]}},\"equals\":2},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"}},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b980d31-7904-4bb7-8575-5665739a8052\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machine scale sets if the VM Image (OS) - is in the list defined and the agent is not installed. The list of OS images - will be updated over time as support is updated. Note: if your scale set upgradePolicy - is set to Manual, you need to apply the extension to the all virtual machines - in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), + - Configure Dependency agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machine scale sets if the virtual machine + image is in the list defined and the agent is not installed. If your scale + set upgradePolicy is set to Manual, you need to apply the extension to all + the virtual machines in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"},{\"properties\":{\"displayName\":\"PostgreSQL server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual @@ -13210,28 +15216,28 @@ interactions: Azure boundary. This policy provides a way to audit if the Azure Database for PostgreSQL has virtual network service endpoint being used.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c14b034-bcb6-4905-94e7-5b8e98a47b65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c14b034-bcb6-4905-94e7-5b8e98a47b65\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets if the VM Image - (OS) is in the list defined and the agent is not installed. The list of OS - images will be updated over time as support is updated. Note: if your scale - set upgradePolicy is set to Manual, you need to apply the extension to the - all VMs in the set by calling upgrade on them. In CLI this would be az vmss - update-instances.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machine scale sets if the virtual + machine image is in the list defined and the agent is not installed. If your + scale set upgradePolicy is set to Manual, you need to apply the extension + to all the virtual machine in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c1b3629-c8f8-4bf6-862c-037cb9094038\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the OS vulnerabilities on your virtual machine scale sets to protect them - from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + from attacks.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1621 - Resource Availability\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3cb9f731-744a-4691-a481-ca77b0411538\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13294,7 +15300,13 @@ interactions: to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\",\"16.04-LTS\",\"16.04.0-LTS\",\"14.04.2-LTS\",\"12.04.5-LTS\"]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"OmsAgentForLinux\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('vmName'),'/omsPolicy')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2017-12-01\",\"properties\":{\"publisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"type\":\"OmsAgentForLinux\",\"typeHandlerVersion\":\"1.4\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled - monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"Microsoft + monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"App + Configuration should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d9f5e4c-9947-4579-9539-2a7695fbc187\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1385 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3e495e65-8663-49ca-9b38-9f45e800bc58\"},{\"properties\":{\"displayName\":\"Audit @@ -13423,13 +15435,15 @@ interactions: Managed Control 1202 - Access Restrictions For Change\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Machine + Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you'll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit a tag from the subscription if missing\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds the specified tag with its value from the containing subscription when any resource missing this tag is created or updated. Existing resources can be @@ -13455,7 +15469,15 @@ interactions: Monitor should collect activity logs from all regions\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Temp + disks and cache for agent node pools in Azure Kubernetes Service clusters + should be encrypted at host\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + enhance data security, the data stored on the virtual machine (VM) host of + your Azure Kubernetes Service nodes VMs should be encrypted at rest. This + is a common requirement in many regulatory and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"count\":{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"false\"}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41425d9f-d1a5-499a-9932-f8ed8453932c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1263 - Contingency Plan Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41472613-3b05-49f6-8fe8-525af113ce17\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13483,14 +15505,14 @@ interactions: Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Resource logs in Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -13615,7 +15637,13 @@ interactions: Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should use a Private Link enabled SKU\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination which protect your resources + against public data leakage risks. The policy limits you to Private Link enabled + SKUs for Azure SignalR Service. Learn more about private link at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"field\":\"Microsoft.SignalRService/SignalR/sku.tier\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/464a1620-21b5-448d-8ce6-d4ac6d1bc49a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"464a1620-21b5-448d-8ce6-d4ac6d1bc49a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require SQL Server version 12.0\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version @@ -13639,11 +15667,26 @@ interactions: Services accounts should use customer owned storage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"[Preview]: + IoT Hub device provisioning service data should be encrypted using customer-managed + keys (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your IoT Hub device + provisioning service. The data is automatically encrypted at rest with service-managed + keys, but customer-managed keys (CMK) are commonly required to meet regulatory + compliance standards. CMKs enable the data to be encrypted with an Azure Key + Vault key created and owned by you. Learn more about CMK encryption at https://aka.ms/dps/CMK.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47031206-ce96-41f8-861b-6a915f3de284\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Storage + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the Azure Cache for + Redis isn't exposed on the public internet. You can limit exposure of your + Azure Cache for Redis by creating private endpoints instead. Learn more at: + https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"470baccb-7e51-4549-8b1a-3e5be069f663\"},{\"properties\":{\"displayName\":\"Storage accounts should have infrastructure encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted @@ -13652,11 +15695,15 @@ interactions: Cosmos DB key based metadata write access should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos - DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Automatic - provisioning of the Log Analytics monitoring agent should be enabled on your - subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - automatic provisioning of the Log Analytics monitoring agent in order to collect - security data\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Auto + provisioning of the Log Analytics agent should be enabled on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"475aae12-b88a-4572-8b36-9b712b2b3a17\"},{\"properties\":{\"displayName\":\"Adaptive application controls for defining safe applications should be enabled on your @@ -13665,9 +15712,16 @@ interactions: on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the - applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Configure + Cognitive Services accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Cognitive Services resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at: https://go.microsoft.com/fwlink/?linkid=2129800.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Disabled\",\"Modify\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2017-04-18')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13809,13 +15863,15 @@ interactions: Managed Control 1094 - Role-Based Security Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b1853e0-8973-446b-b567-09d901d31a09\"},{\"properties\":{\"displayName\":\"Azure - Event Grid topics should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid topics that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid topics should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid topic instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4c090801-59bc-4454-bb33-e0455133486a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13840,7 +15896,14 @@ interactions: Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"MaximumPasswordAge\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"Function + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a function app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4d0bc837-6eff-477e-9ecd-33bf8d4212a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4d0bc837-6eff-477e-9ecd-33bf8d4212a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -13940,25 +16003,46 @@ interactions: Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints that connect to Batch + accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + DNS records allow private connections to private endpoints. Private endpoint + connections allow secure communication by enabling private connectivity to + Batch accounts without a need for public IP addresses at the source or destination. + For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + private DNS zone to deploy in a new private DNS zone group and link to the + private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"batchAccount\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"batchAccount-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec38ebc-381f-45ee-81a4-acbc4be878f8\"},{\"properties\":{\"displayName\":\"Azure + data factories should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Data + Factory. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/adf-cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/encryption.vaultBaseUrl\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec52d6d-beb7-40c4-9a9e-fe753254690e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1139 - Audit Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ed62522-de00-4dda-9810-5205733d2f34\"},{\"properties\":{\"displayName\":\"A maximum of 3 owners should be designated for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate up to 3 subscription owners in order to reduce - the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f26049b-2c5a-4841-9ff3-d48a26aae475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"A - security contact email address should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter - an email address to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"Subscriptions + should have a contact email address for security issues\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/email\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\"},{\"properties\":{\"displayName\":\"Add a tag to resources\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds @@ -13972,7 +16056,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f9dc7db-30c1-420c-b61a-e1d640128d26\"},{\"properties\":{\"displayName\":\"[Preview]: Storage account public access should be disallowed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Anonymous public read access to containers and blobs in Azure Storage is a convenient - way to share data, but might present security risks. To prevent data breaches + way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.\",\"metadata\":{\"version\":\"2.0.1-preview\",\"category\":\"Storage\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"The effect determines what happens when the policy @@ -13983,16 +16067,53 @@ interactions: is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this - tool for you.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + tool for you.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"550e890b-e652-4d22-8274-60b3bdb24c63\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1485 - Delivery And Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50301354-95d0-4a11-8af5-8039ecf6d38b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Deploy + Workflow Automation for Azure Security Center regulatory compliance\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + automation of Azure Security Center regulatory compliance. This policy deploys + a workflow automation with your conditions and triggers on the assigned scope. + To deploy this policy on newly created subscriptions, open the Compliance + tab, select the relevant non-compliant assignment and create a remediation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\",\"preview + \":true},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name\",\"description\":\"The resource group name where the workflow + automation is created. If you enter a name for a resource group that doesn't + exist, it'll be created in the subscription.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group location\",\"description\":\"The location where the resource group and + the workflow automation are created.\",\"strongType\":\"location\"}},\"regulatoryComplianceStandards\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + standards names\",\"description\":\"For all compliance standards, leave it + empty. For specific compliance standards, enter a list of standards names + separated by semicolons (';'). Compliance standards names are available through + the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"regulatoryComplianceControlStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + control states\",\"description\":\"Determines compliance control states.\"},\"allowedValues\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"],\"defaultValue\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + app trigger\",\"description\":\"The trigger connector of the logic app that + is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an + Azure Security Center regulatory compliance assessment is created or triggered'.\"},\"allowedValues\":[\"Manual + (Incoming HTTP request)\",\"When an Azure Security Center regulatory compliance + assessment is created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets\",\"exists\":false},{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"less\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceControlStates')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\",\"name\":\"regulatoryComplianceControlState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.state\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceControlState')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceControlStates'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceStandards')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\",\"name\":\"regulatoryComplianceStandard\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"id\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceStandard')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceStandards'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"notEquals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('regulatoryComplianceStandards'),parameters('regulatoryComplianceControlStates'))]\"},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\"},\"equals\":\"[mul(2,mul(length(parameters('regulatoryComplianceStandards')),length(parameters('regulatoryComplianceControlStates'))))]\"}]}]}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"regulatoryComplianceStandards\":{\"type\":\"array\"},\"regulatoryComplianceControlStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + for subscription {0}\",\"regulatoryComplianceStandardsLength\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"regulatoryComplianceControlStatesLength\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"regulatoryComplianceStandardsLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsLength'), + 0), 1, variables('regulatoryComplianceStandardsLength'))]\",\"regulatoryComplianceControlStatesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceControlStatesLength'), + 0), 1, variables('regulatoryComplianceControlStatesLength'))]\",\"stateMap\":{\"Failed\":\"failed\",\"Passed\":\"passed\",\"Skipped\":\"skipped\",\"Unsupported\":\"unsupported\"},\"triggerMap\":{\"Manual + (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center regulatory + compliance assessment is created or triggered\":\"When_a_Security_Center_Regulatory_Compliance_Assessment_is_created_or_triggered\"},\"doesAllStatesSelected\":\"[if(equals(length(parameters('regulatoryComplianceControlStates')),length(variables('stateMap'))),bool('true'),bool('false'))]\",\"doesAllStandardsSelected\":\"[if(equals(variables('regulatoryComplianceStandardsLength'),0),bool('true'),bool('false'))]\",\"allRegulatoryComplianceRuleSets\":[],\"customStandardsOrCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsOrCustomStateRuleSetsArr\",\"count\":\"[if(not(variables('doesAllStandardsSelected')),variables('regulatoryComplianceStandardsLength'),if(not(variables('doesAllStatesSelected')),variables('regulatoryComplianceControlStatesLength'),1))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(not(variables('doesAllStandardsSelected')),'id',if(not(variables('doesAllStatesSelected')),'properties.state',json('null')))]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],json('null')))]\",\"operator\":\"[if(not(variables('doesAllStandardsSelected')),'Contains',if(not(variables('doesAllStatesSelected')),'Equals',json('null')))]\"}]}}]},\"customStandardsAndCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsAndCustomStateRuleSetsArr\",\"count\":\"[if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),mul(variables('regulatoryComplianceStandardsLength'),variables('regulatoryComplianceControlStatesLength')),1)]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[mod(div(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength')), variables('regulatoryComplianceStandardsLength'))],json('null'))]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.state\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[mod(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength'))],json('null'))]\",\"operator\":\"Equals\"}]}}]},\"sourceRuleSets\":\"[if(and(variables('doesAllStandardsSelected'),variables('doesAllStatesSelected')),variables('allRegulatoryComplianceRuleSets'),if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),variables('customStandardsAndCustomStateRuleSets').customStandardsAndCustomStateRuleSetsArr,variables('customStandardsOrCustomStateRuleSets').customStandardsOrCustomStateRuleSetsArr))]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', + parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"[parameters('automationName')]\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Workflow + Automation for Azure Security Center recommendations via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":[{\"eventSource\":\"RegulatoryComplianceAssessment\",\"ruleSets\":\"[variables('sourceRuleSets')]\"}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"regulatoryComplianceStandards\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\"},\"regulatoryComplianceControlStates\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/509122b9-ddd9-47ba-a5f1-d0dac20be63c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"509122b9-ddd9-47ba-a5f1-d0dac20be63c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1566 - System Development Life Cycle\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"},{\"properties\":{\"displayName\":\"A @@ -14013,7 +16134,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50fc602d-d8e0-444b-a039-ad138ee5deb0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1386 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Bot + Service should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Bot Service automatically encrypts your resource to protect your data and + meet organizational security and compliance commitments. By default, Microsoft-managed + encryption keys are used. For greater flexibility in managing keys or controlling + access to your subscription, select customer-managed keys, also known as bring + your own key (BYOK). Learn more about Azure Bot Service encryption: https://docs.microsoft.com/azure/bot-service/bot-service-encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/isCmekEnabled\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"51522a96-0869-4791-82f3-981000c2c67f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"518cb545-bfa8-43f8-a108-3b7d5037469a\"},{\"properties\":{\"displayName\":\"Azure @@ -14021,7 +16150,13 @@ interactions: Defender for Kubernetes provides real-time threat protection for containerized environments and generates alerts for suspicious activities.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Synapse + workspaces should be configured with 90 days auditing retention or higher.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"For + incident investigation purposes, we recommend setting the data retention for + your Synapse workspace' audit to at least 90 days. Confirm that you're meeting + the necessary retention rules for the regions in which you're operating. This + is sometimes required for compliance with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"529ea018-6afc-4ed4-95bd-7c9ee47b00bc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1642 - Network Disconnect\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53397227-5ee3-4b23-9e5e-c8a767ce6928\"},{\"properties\":{\"displayName\":\"Connection @@ -14030,12 +16165,14 @@ interactions: throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"connection_throttling\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"},{\"properties\":{\"displayName\":\"Azure - SignalR Service should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure SignalR Service resources that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft + SignalR Service should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your SignalR resources + instead of the entire service, you'll also be protected against data leakage + risks .Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1467 - Visitor Access Records\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14062,11 +16199,11 @@ interactions: Managed Control 1045 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"},{\"properties\":{\"displayName\":\"[Preview]: - Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The - key vault firewall prevents unauthorized traffic from reaching your key vault + Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Key + vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the - key vault firewall to make sure that only traffic from allowed networks can - access your key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + firewall to make sure that only traffic from allowed networks can access your + key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"field\":\"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"55615ac9-af46-4a59-874e-391cc3dfb490\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1523 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -14076,10 +16213,24 @@ interactions: Capacity\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"562afd61-56be-4313-8fe4-b9564aa4ba7d\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Application Gateway. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Microsoft + Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Azure + Automation accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Automation + Accounts. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/automation-cmk.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.Keyvault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56a5ee18-2ae6-4810-86f7-18e39ce5629b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14096,18 +16247,21 @@ interactions: Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Audit - Windows web servers that are not using secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the registry key - HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols - includes protocols less secure than what is selected in the policy parameter.\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Windows + web servers should be configured to use secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"MinimumTLSVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Minimum TLS version\",\"description\":\"The minimum TLS protocol version that should be enabled. Windows web servers with lower TLS versions will be marked as - non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', + non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5752e6d6-1206-46d8-8ab1-ecc2f71a8112\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1162 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14129,7 +16283,15 @@ interactions: of critical processes.\"},\"allowedValues\":[\"No Auditing\",\"Success\",\"Failure\",\"Success and Failure\"],\"defaultValue\":\"No Auditing\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Audit - Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"Microsoft + Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"CosmosDB + accounts should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your CosmosDB account, data + leakage risks are reduced. Learn more about private links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58440f8a-10c5-4151-bdce-dfbaad4a20b7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58440f8a-10c5-4151-bdce-dfbaad4a20b7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1584 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5864522b-ff1d-4979-a9f8-58bee1fb174c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14228,12 +16390,13 @@ interactions: Managed Control 1433 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"},{\"properties\":{\"displayName\":\"Container - registries should be encrypted with a customer-managed key (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - or deny container registries that do not have encryption enabled with customer-managed - keys (CMK). Azure automatically encrypts registry contents at rest with service-managed - keys. You can supplement default encryption with an additional encryption - layer using a key that you create and manage in Azure Key Vault. For more - information on CMK encryption, please visit: https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Container + registries should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.2\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/encryption.status\",\"notEquals\":\"enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\"},{\"properties\":{\"displayName\":\"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client @@ -14279,16 +16442,16 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Audit - Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Log + Analytics agent should be enabled in virtual machine scale sets for listed + virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1671 - Flaw Remediation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5bbef7-a316-415b-9b38-29753ce8e698\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14297,9 +16460,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"},{\"properties\":{\"displayName\":\"External accounts with write permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with write privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1483 - Water Damage Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14367,27 +16530,67 @@ interactions: '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"},{\"properties\":{\"displayName\":\"[Preview]: Private endpoint should be configured for Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - link provides a way to connect key vault to your Azure resources without sending + link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection - against data exfiltration.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + against data exfiltration.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Vulnerabilities + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Azure + Machine Learning workspaces should use user-assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manange + access to Azure ML workspace and associated resources, Azure Container Registry, + KeyVault, Storage, and App Insights using user-assigned managed identity. + By default, system-assigned managed identity is used by Azure ML workspace + to access the associated resources. User-assigned managed identity allows + you to create the identity as an Azure resource and maintain the life cycle + of that identity. Learn more at https://docs.microsoft.com/azure/machine-learning/how-to-use-managed-identities?tabs=python.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"exists\":false},{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0c7d88-c7de-45b8-ac49-db49e72eaa78\"},{\"properties\":{\"displayName\":\"Vulnerabilities in Azure Container Registry images should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Container image vulnerability assessment scans your registry for security vulnerabilities on each pushed container image and exposes detailed findings for each image (powered by Qualys). Resolving the vulnerabilities can greatly improve your - containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"equals\":\"Healthy\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f18c885-ade3-48c5-80b1-8f9216019c18\"},{\"properties\":{\"displayName\":\"External accounts with read permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with read privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityLinuxAgent\":\"[concat('deployAzureSecurityLinuxAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityLinuxAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityLinuxAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityLinuxAgent\",\"typeHandlerVersion\":\"2.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f8eb305-9c9f-4abe-9bb0-df220d9faba2\"},{\"properties\":{\"displayName\":\"[Deprecated]: Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits Windows virtual machines hosted in Azure that are supported @@ -14504,7 +16707,25 @@ interactions: toLower('microsoft.hybridcompute/machines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), - '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Service + '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Configure + private endpoints for App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints let you connect your virtual network to Azure services without a + public IP address at the source or destination. By mapping private endpoints + to your app configuration instances, data leakage risks are reduced. Learn + more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"configurationStores\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/614ffa75-862c-456e-ad8b-eaa1b0844b07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"614ffa75-862c-456e-ad8b-eaa1b0844b07\"},{\"properties\":{\"displayName\":\"Bot + Service endpoint should be a valid HTTPS URI\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission. Protocols exist that provide encryption + to address problems of misuse and tampering. To ensure your bots are communicating + only over encrypted channels, set the endpoint to a valid HTTPS URI. This + ensures the HTTPS protocol is used to encrypt your data in transit and is + also often a requirement for compliance with regulatory or industry standards. + Please visit: https://docs.microsoft.com/azure/bot-service/bot-builder-security-guidelines.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/endpoint\",\"notLike\":\"https://*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6164527b-e1ee-4882-8673-572f425f5e0a\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the @@ -14548,7 +16769,15 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"WorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Connected workspace IDs\",\"description\":\"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"}}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', - '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Microsoft + '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Modify + Azure SignalR Service resources to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"Audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"value\":\"Deny\"},{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"value\":[]}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62a3ae95-8169-403e-a2d2-b82141448092\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62a3ae95-8169-403e-a2d2-b82141448092\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62b638c5-29d7-404b-8d93-f21e4b1ce198\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14569,12 +16798,13 @@ interactions: if it can't establish a connection.\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsRemoteConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', - '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Audit - Linux machines that are not using SSH key for authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if Non-compliant if - the machine allows passwords for authenticating through SSH\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Authentication + to Linux machines should require SSH keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Although + SSH itself provides an encrypted connection, using passwords with SSH still + leaves the VM vulnerable to brute-force attacks. The most secure option for + authenticating to an Azure Linux virtual machine over SSH is with a public-private + key pair, also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxNoPasswordForSSH\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630c64f9-8b6b-4c64-b511-6544ceff6fd6\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14612,7 +16842,15 @@ interactions: Allowed to format and eject removable media;ExpectedValue\",\"value\":\"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure HDInsight + clusters. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/hdi.cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.keyName\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/64d314f6-6062-4780-a861-c23e8951bee5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"64d314f6-6062-4780-a861-c23e8951bee5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14653,12 +16891,14 @@ interactions: Managed Control 1319 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"66f7ae57-5560-4fc5-85c9-659f204e7a42\"},{\"properties\":{\"displayName\":\"Cognitive - Services accounts should enable data encryption with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed - keys provide enhanced data protection by allowing you to manage your encryption - keys for data stored in Cognitive Services. This is often required to meet - compliance requirements.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cognitive + Services accounts should enable data encryption with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed keys at https://go.microsoft.com/fwlink/?linkid=2121321.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*]\",\"where\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*].name\",\"equals\":\"CustomerManagedKey\"}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67de62b4-a737-4781-8861-3baed3c35069\"},{\"properties\":{\"displayName\":\"Windows @@ -14686,7 +16926,17 @@ interactions: insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), - ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"Microsoft + ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked service resource type should be in allow list\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Define + the allow list of Azure Data Factory linked service types. Restricting allowed + resource types enables control over the boundary of data movement. For example, + restrict a scope to only allow blob storage with Data Lake Storage Gen1 and + Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time + queries.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"allowedLinkedServiceResourceTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed linked service resource types\",\"description\":\"The list of allowed + linked service resource types.\"},\"allowedValues\":[\"AdlsGen2CosmosStructuredStream\",\"AdobeExperiencePlatform\",\"AdobeIntegration\",\"AmazonRedshift\",\"AmazonS3\",\"AzureBlobFS\",\"AzureBlobStorage\",\"AzureDataExplorer\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureDataShare\",\"AzureFileStorage\",\"AzureKeyVault\",\"AzureMariaDB\",\"AzureMySql\",\"AzurePostgreSql\",\"AzureSearch\",\"AzureSqlDatabase\",\"AzureSqlDW\",\"AzureSqlMI\",\"AzureTableStorage\",\"Cassandra\",\"CommonDataServiceForApps\",\"CosmosDb\",\"CosmosDbMongoDbApi\",\"Db2\",\"DynamicsCrm\",\"FileServer\",\"FtpServer\",\"GitHub\",\"GoogleCloudStorage\",\"Hdfs\",\"Hive\",\"HttpServer\",\"Informix\",\"Kusto\",\"MicrosoftAccess\",\"MySql\",\"Netezza\",\"Odata\",\"Odbc\",\"Office365\",\"Oracle\",\"PostgreSql\",\"Salesforce\",\"SalesforceServiceCloud\",\"SapBw\",\"SapHana\",\"SapOpenHub\",\"SapTable\",\"Sftp\",\"SharePointOnlineList\",\"Snowflake\",\"SqlServer\",\"Sybase\",\"Teradata\",\"HDInsightOnDemand\",\"HDInsight\",\"AzureDataLakeAnalytics\",\"AzureBatch\",\"AzureFunction\",\"AzureML\",\"AzureMLService\",\"MongoDb\",\"GoogleBigQuery\",\"Impala\",\"ServiceNow\",\"Dynamics\",\"AzureDatabricks\",\"AmazonMWS\",\"SapCloudForCustomer\",\"SapEcc\",\"Web\",\"MongoDbAtlas\",\"HBase\",\"Spark\",\"Phoenix\",\"PayPal\",\"Marketo\",\"Responsys\",\"SalesforceMarketingCloud\",\"Presto\",\"Square\",\"Xero\",\"Jira\",\"Magento\",\"Shopify\",\"Concur\",\"Hubspot\",\"Zoho\",\"Eloqua\",\"QuickBooks\",\"Couchbase\",\"Drill\",\"Greenplum\",\"MariaDB\",\"Vertica\",\"MongoDbV2\",\"OracleServiceCloud\",\"GoogleAdWords\",\"RestService\",\"DynamicsAX\",\"AzureDataCatalog\",\"AzureDatabricksDeltaLake\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"notIn\":\"[parameters('allowedLinkedServiceResourceTypes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6809a3d0-d354-42fb-b955-783d207c62a8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14805,9 +17055,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"},{\"properties\":{\"displayName\":\"Deprecated accounts should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are - accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Service Bus to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when any Service Bus which is missing this diagnostic settings is created @@ -14828,16 +17078,51 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationalLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1031 - Separation Of Duties\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Not - allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This - policy enables you to specify the resource types that your organization cannot - deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Vulnerabilities + on your SQL servers on machine should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + Vulnerability Assessment scans your database for security vulnerabilities, + and exposes any deviations from best practices such as misconfigurations, + excessive permissions, and unprotected sensitive data. Resolving the vulnerabilities + found can greatly improve your database security posture.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f97aa83c-9b63-4f9a-99f6-b22c4398f936\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\"},{\"properties\":{\"displayName\":\"Not + allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict + which resource types can be deployed in your environment. Limiting resource + types can reduce the complexity and attack surface of your environment while + also helping to manage costs. Compliance results are only shown for non-compliant + resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of resource types that cannot be deployed.\",\"displayName\":\"Not allowed - resource types\",\"strongType\":\"resourceTypes\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft + resource types\",\"strongType\":\"resourceTypes\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},{\"value\":\"[field('type')]\",\"exists\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Kubernetes Service to stream resource logs + to a Log Analytics workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKubernetesDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Azure Kubernetes Service should be connected to\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AllMetrics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-apiserver\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-apiserver + - Enabled\",\"description\":\"Whether to stream kube-apiserver logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit + - Enabled\",\"description\":\"Whether to stream kube-audit logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-controller-manager\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-controller-manager + - Enabled\",\"description\":\"Whether to stream kube-controller-manager logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-scheduler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-scheduler + - Enabled\",\"description\":\"Whether to stream kube-scheduler logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"cluster-autoscaler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"cluster-autoscaler + - Enabled\",\"description\":\"Whether to stream cluster-autoscaler logs to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit-admin\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit-admin + - Enabled\",\"description\":\"Whether to stream kube-audit-admin logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"guard\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"guard + - Enabled\",\"description\":\"Whether to stream guard logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AllMetrics\":{\"type\":\"string\"},\"kube-apiserver\":{\"type\":\"string\"},\"kube-audit\":{\"type\":\"string\"},\"kube-controller-manager\":{\"type\":\"string\"},\"kube-scheduler\":{\"type\":\"string\"},\"cluster-autoscaler\":{\"type\":\"string\"},\"kube-audit-admin\":{\"type\":\"string\"},\"guard\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.ContainerService/managedClusters/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetrics')]\"}],\"logs\":[{\"category\":\"kube-apiserver\",\"enabled\":\"[parameters('kube-apiserver')]\"},{\"category\":\"kube-audit\",\"enabled\":\"[parameters('kube-audit')]\"},{\"category\":\"kube-controller-manager\",\"enabled\":\"[parameters('kube-controller-manager')]\"},{\"category\":\"kube-scheduler\",\"enabled\":\"[parameters('kube-scheduler')]\"},{\"category\":\"cluster-autoscaler\",\"enabled\":\"[parameters('cluster-autoscaler')]\"},{\"category\":\"kube-audit-admin\",\"enabled\":\"[parameters('kube-audit-admin')]\"},{\"category\":\"guard\",\"enabled\":\"[parameters('guard')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"guard\":{\"value\":\"[parameters('guard')]\"},\"AllMetrics\":{\"value\":\"[parameters('AllMetrics')]\"},\"kube-apiserver\":{\"value\":\"[parameters('kube-apiserver')]\"},\"kube-audit\":{\"value\":\"[parameters('kube-audit')]\"},\"kube-scheduler\":{\"value\":\"[parameters('kube-scheduler')]\"},\"kube-controller-manager\":{\"value\":\"[parameters('kube-controller-manager')]\"},\"cluster-autoscaler\":{\"value\":\"[parameters('cluster-autoscaler')]\"},\"kube-audit-admin\":{\"value\":\"[parameters('kube-audit-admin')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c66c325-74c8-42fd-a286-a74b0e2939d8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14866,17 +17151,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dab4254-c30d-4bb7-ae99-1d21586c063c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1651 - Mobile Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Enable + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts with private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. You + need private DNS zone properly configured to connect to Azure Automation account + via Azure Private Link. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint group id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"automationAccounts-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dd01e4f-1be1-4e80-9d0b-d109e04cb064\"},{\"properties\":{\"displayName\":\"Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace.\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using ASC default workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6df2fee6-a9ed-4fef-bced-e13be1b25f1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6df2fee6-a9ed-4fef-bced-e13be1b25f1c\"},{\"properties\":{\"displayName\":\"Email - notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the security contact, in order to have them receive - security alert emails from Microsoft. This ensures that the right people are - aware of any potential security issues and are able to mitigate the risks\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertNotifications\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e2593d9-add6-4083-9c9b-4b7d2188c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1586 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -14890,20 +17184,58 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"},{\"properties\":{\"displayName\":\"Storage account should use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private links enforce secure communication, by providing private connectivity to the - storage account\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft + storage account\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1460 - Access Control For Output Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1320 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Storage - account should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure - your storage account with greater flexibility using customer-managed keys - (CMKs). When you specify a CMK, that key is used to protect and control access - to the key that encrypts your data. Using CMKs provides additional capabilities - to control rotation of the key encryption key or cryptographically erase data.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for storage accounts to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for storage accounts to stream resource logs to a + Log Analytics workspace when any storage account which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"category\":\"Storage\",\"version\":\"1.1.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"storageAccountsDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the storage account should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"StorageDelete\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageDelete + - Enabled\",\"description\":\"Whether to stream StorageDelete logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageWrite\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageWrite + - Enabled\",\"description\":\"Whether to stream StorageWrite logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageRead\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageRead + - Enabled\",\"description\":\"Whether to stream StorageRead logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Transaction\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Transaction + - Enabled\",\"description\":\"Whether to stream Transaction logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Transaction\":{\"type\":\"string\"},\"StorageRead\":{\"type\":\"string\"},\"StorageWrite\":{\"type\":\"string\"},\"StorageDelete\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.storage/storageAccounts/blobServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/fileServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/tableServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/queueServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"Transaction\":{\"value\":\"[parameters('Transaction')]\"},\"StorageDelete\":{\"value\":\"[parameters('StorageDelete')]\"},\"StorageWrite\":{\"value\":\"[parameters('StorageWrite')]\"},\"StorageRead\":{\"value\":\"[parameters('StorageRead')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f8f98a4-f108-47cb-8e98-91a0d85cd474\"},{\"properties\":{\"displayName\":\"Storage + accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Workbooks + should be saved to storage accounts that you control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + bring your own storage (BYOS), your workbooks are uploaded into a storage + account that you control. That means you control the encryption-at-rest policy, + the lifetime management policy, and network access. You will, however, be + responsible for the costs associated with that storage account. For more information, + visit https://aka.ms/workbooksByos\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Audit, + Deny, or Disable the execution of this policy\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"microsoft.insights/workbooks\"},{\"field\":\"microsoft.insights/workbooks/storageUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fc8115b-2008-441f-8c61-9b722c1e537f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fc8115b-2008-441f-8c61-9b722c1e537f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/topics/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"topic\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -14920,14 +17252,22 @@ interactions: or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"[Deprecated]: + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"OS + and data disks should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your managed disks. By default, the data is encrypted at rest with platform-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"value\":\"[length(field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"true\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]'))]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"anyOf\":[{\"count\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]\",\"where\":{\"value\":\"[length(current('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"exists\":\"true\"}}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"702dd420-7fcc-42c5-afe8-4026edd20fe0\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. @@ -15118,13 +17458,13 @@ interactions: or to include additional functionality. Using the latest Python version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this - policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7238174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws @@ -15135,7 +17475,15 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Preview]: + Windows machines should meet requirements of the Azure Security Center baseline\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires + that prerequisites are deployed to the policy assignment scope. For details, + visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not + configured correctly for one of the recommendations in the Azure Security + Center baseline.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureWindowsBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Include Arc connected servers\",\"description\":\"By selecting this option, + you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureWindowsBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -15162,7 +17510,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"726aca4c-86e9-4b04-b0c5-073027359532\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoints can be configured to connect privately to an Azure Synapse workspace. - This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"count\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72d11df1-dd8a-41f7-8925-b05b960ebafc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72d11df1-dd8a-41f7-8925-b05b960ebafc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1524 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15173,7 +17521,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"731856d8-1598-4b75-92de-7d46235747c0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Configure + App Configuration to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for App Configuration so that it isn't accessible over + the public internet. This configuration helps protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73290fa2-dfa7-4bbb-945d-a5e23b75df2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73290fa2-dfa7-4bbb-945d-a5e23b75df2c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1456 - Physical Access Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"},{\"properties\":{\"displayName\":\"Deploy @@ -15182,7 +17538,7 @@ interactions: workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation - task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow automation is created. If you enter a name for a resource group that doesn't @@ -15192,8 +17548,7 @@ interactions: IDs\",\"description\":\"For all recommendations, leave empty. For specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/en-us/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"recommendationStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation states\",\"description\":\"Determines recommendation states. Recommendations @@ -15202,13 +17557,14 @@ interactions: detects it as healthy. A recommendation is not-applicable if, for example, it was disabled in the Security Policy. Example: Healthy;Unhealthy;Not Applicable;\"},\"allowedValues\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"],\"defaultValue\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Recommendation is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Recommendation is - created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(if(equals(length(parameters('recommendationNames')),0),array('Microsoft.Security/assessments'),parameters('recommendationNames')),parameters('recommendationSeverities'),if(contains(parameters('recommendationStates'),'Not + Applicable'),union(parameters('recommendationStates'), array('notapplicable')),parameters('recommendationStates')))]\"},{\"count\":{\"value\":\"[parameters('recommendationSeverities')]\",\"name\":\"recommendationSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.metadata.severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationSeverity')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationSeverities'))]\"},{\"count\":{\"value\":\"[parameters('recommendationStates')]\",\"name\":\"recommendationState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.status.code\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[replace(current('recommendationState'), + ' ','')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationSeverities')))]\"}},\"equals\":\"[length(parameters('recommendationStates'))]\"},{\"count\":{\"value\":\"[parameters('recommendationNames')]\",\"name\":\"recommendationName\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"name\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationName')]\"}]}},\"equals\":\"[mul(length(parameters('recommendationSeverities')),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationNames'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"recommendationStatesLength\":\"[length(parameters('recommendationStates'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"recommendationStatesLengthIfEmpty\":\"[if(equals(variables('recommendationStatesLength'), @@ -15225,15 +17581,25 @@ interactions: variables('totalRuleCombinationsForOneRecommendationName')), variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationSeverity')), variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"},{\"propertyJPath\":\"properties.status.code\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('stateMap')[parameters('recommendationStates')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationState')), variables('recommendationStatesLength'))]]]\",\"operator\":\"Contains\"}]}}]}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), - '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"Microsoft + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"API + Management service should use a SKU that supports virtual networks\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of API Management, deploying service into a virtual network + unlocks advanced API Management networking and security features which provides + you greater control over your network security configuration. Learn more at: + https://aka.ms/apimvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + list of SKUs that can be specified for Azure API Management service.\",\"displayName\":\"Allowed + SKUs\"},\"allowedValues\":[\"Developer\",\"Basic\",\"Standard\",\"Premium\",\"Isolated\",\"Consumption\"],\"defaultValue\":[\"Developer\",\"Premium\",\"Isolated\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ApiManagement/service\"},{\"not\":{\"field\":\"Microsoft.ApiManagement/service/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73ef9241-5d81-4cd4-b483-8443d1730fe5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1581 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"},{\"properties\":{\"displayName\":\"Allowed storage account SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of storage account SKUs that your organization - can deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + can deploy.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of SKUs that can be specified for storage accounts.\",\"displayName\":\"Allowed - SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft + SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"},{\"properties\":{\"displayName\":\"Ensure @@ -15242,14 +17608,19 @@ interactions: or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Microsoft + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Batch accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access on a Batch account improves security by ensuring your + Batch account can only be accessed from a private endpoint. Learn more about + disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c5a0ae-5e48-4738-b093-65e23a060488\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -15265,7 +17636,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75603f96-80a1-4757-991d-5a1221765ddd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Private + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Configure + Azure Migrate resources to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Migrate + project. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Migrate\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"Default\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/assessmentProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/migrateProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.OffAzure/masterSites\"}]}]}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"default-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7590a335-57cf-4c95-babd-ecbc8fafeb1f\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MySQL. Configure a private endpoint connection to enable @@ -15274,12 +17653,12 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7595c971-233d-4bcf-bd18-596129188c49\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"Vulnerabilities - should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without - a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy + a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy Dependency agent for Linux virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale @@ -15292,7 +17671,8 @@ interactions: extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure SQL Database should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity - to Azure SQL Database.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft + to Azure SQL Database.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15314,7 +17694,12 @@ interactions: policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"Virtual + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory should use a Git repository for source control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + source control on data factories, to gain capabilities such as change tracking, + collaboration, continuous integration, and deployment.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"exists\":\"false\"},{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77d40665-3120-4348-b539-3192ec808307\"},{\"properties\":{\"displayName\":\"Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet @@ -15324,7 +17709,13 @@ interactions: Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"AuditIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"equals\":\"[parameters('subnetId')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77e8b146-0078-4fb2-b002-e112381199f0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your Azure Cache for Redis instances, data leakage risks are reduced. Learn + more at: https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Cache/redis/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Cache/redis/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7803067c-7d34-46e3-8c79-0ca68fc4036d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1258 - Contingency Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7814506c-382c-4d33-a142-249dd4a0dbff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15337,7 +17728,16 @@ interactions: Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + Azure Machine Learning workspace, you can reduce data leakage risks. Learn + more about private links at: https://docs.microsoft.com/azure/machine-learning/how-to-configure-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"amlworkspace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7838fd83-5cbb-4b5d-888c-bfa240972597\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7838fd83-5cbb-4b5d-888c-bfa240972597\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1010 - Account Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"784663a8-1eb0-418a-a98c-24d19bc1bb62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15350,7 +17750,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1647 - Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Azure + Cosmos DB should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your CosmosDB account + isn't exposed on the public internet. Creating private endpoints can limit + exposure of your CosmosDB account. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"797b37f7-06b8-444c-b1ad-fc62867f335a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1510 - Position Risk Designation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"79da5b09-0e7e-499e-adda-141b069c7998\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15389,7 +17795,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1289 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Configure + private DNS zones for private endpoints connected to App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve app configuration + instances. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"configurationStores\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-azconfig-io\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a860e27-9ca2-4fc6-822d-c2d248c300df\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1687 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"},{\"properties\":{\"displayName\":\"Allow @@ -15403,16 +17818,22 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ac22808-a2e8-41c4-9d46-429b50738914\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1492 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Azure + Attestation providers should use private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints provide a way to connect Azure Attestation providers to your Azure + resources without sending traffic over the public internet. By preventing + public access, private endpoints help protect against undesired anonymous + access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Attestation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Attestation/attestationProviders\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b256a2d-058b-41f8-bed9-3f870541c40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b256a2d-058b-41f8-bed9-3f870541c40a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Resource logs in Virtual Machine Scale Sets should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It is recommended to enable Logs so that activity trail can be recreated when - investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"includeAKSClusters\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include - AKS Clusters\",\"description\":\"Whether to include AKS Clusters to Diagnostic + AKS Clusters\",\"description\":\"Whether to include AKS Clusters to resource logs extension - True or False\"},\"defaultValue\":false}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":true}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":false},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notEquals\":\"microsoft-aks\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notEquals\":\"aks\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"aks*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"IaaSDiagnostics\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Diagnostics\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"LinuxDiagnostic\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"in\":[\"Microsoft.OSTCExtensions\",\"Microsoft.Azure.Diagnostics\"]}]}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7c1b1214-f927-48bf-8882-84f0af6588b1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require blob encryption for storage accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures blob encryption for storage accounts is turned on. It only @@ -15429,9 +17850,12 @@ interactions: implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"},{\"properties\":{\"displayName\":\"Azure Cache for Redis should reside within a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure - Cache for Redis has the ability to reside within a virtual network, which - is a way for the resource to have a non-public endpoint controlled and managed - by the user.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},{\"field\":\"Microsoft.Cache/Redis/subnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d092e0a-7acd-40d2-a975-dca21cae48c4\"},{\"properties\":{\"displayName\":\"Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encrypting @@ -15440,7 +17864,15 @@ interactions: and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Microsoft + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Service + Bus namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d890f7f-100c-473d-baa1-2777e2266535\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d890f7f-100c-473d-baa1-2777e2266535\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15467,7 +17899,18 @@ interactions: auditing Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure SQL Database server to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure SQL Database server to stream resource logs + to a Log Analytics workspace when any SQL Server which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"logAnalyticsWorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the server should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"logAnalyticsWorkspaceId\":{\"type\":\"string\"}},\"variables\":{\"diagnosticSettingsName\":\"SQLSecurityAuditEvents_3d229c42-c7e7-4c97-9a99-ec0d0d8b86c1\"},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"name\":\"[concat(parameters('serverName'),'/master/microsoft.insights/',variables('diagnosticSettingsName'))]\",\"apiVersion\":\"2017-05-01-preview\",\"properties\":{\"name\":\"[variables('diagnosticSettingsName')]\",\"workspaceId\":\"[parameters('logAnalyticsWorkspaceId')]\",\"logs\":[{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":true,\"retentionPolicy\":{\"days\":0,\"enabled\":false}}]}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"dependsOn\":[\"[concat('Microsoft.Sql/servers/', + parameters('serverName'),'/databases/master/providers/microsoft.insights/diagnosticSettings/', + variables('diagnosticSettingsName'))]\"],\"properties\":{\"state\":\"Enabled\",\"isAzureMonitorTargetEnabled\":true}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"logAnalyticsWorkspaceId\":{\"value\":\"[parameters('logAnalyticsWorkspaceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ea8a143-05e3-4553-abfe-f56bef8b0b70\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ea8a143-05e3-4553-abfe-f56bef8b0b70\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15813,28 +18256,27 @@ interactions: subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]\"}}],\"outputs\":{\"status\":{\"type\":\"string\",\"value\":\"[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', - variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Diagnostic + variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Resource logs in Event Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Event + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Event Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network interfaces should not have public IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\"notLike\":\"*\"}}]},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a86a26-fd1f-447c-b59d-e51f44264114\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - MySQL database servers enables implementing a separation of duties in the - management of keys and data. When you configure a customer-managed key, the - key is used to protect and control access to the key that encrypts your data. - You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83cef61d-dbd1-4b20-a4fc-5fbc7da10833\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1382 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15994,7 +18436,21 @@ interactions: Managed Control 1348 - Identification And Authentication (Non-Org. Users) | Acceptance Of Third-Party Credentials\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your IoT Hub device provisioning instance so that + it's not accessible over the public internet. This can reduce data leakage + risks. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/859dfc91-ea35-43a6-8256-31271c363794\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"859dfc91-ea35-43a6-8256-31271c363794\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory integration runtime should have a limit for number of cores\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + manage your resources and costs, limit the number of cores for an integration + runtime.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"maxCores\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed max number of cores\",\"description\":\"The max number of cores allowed + for dataflow.\"},\"defaultValue\":32}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"greater\":\"[parameters('maxCores')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/85bb39b5-2f66-49f8-9306-77da3ac5130f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"85bb39b5-2f66-49f8-9306-77da3ac5130f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -16002,11 +18458,11 @@ interactions: Managed Control 1326 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit - or deny resources that do not have any IP rules configured and allow all networks - by default. Accounts that have at least one IP rule defined with the virtual - network filter enabled are deemed compliant. Accounts disabling public access - are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Firewall + rules should be defined on your Azure Cosmos DB accounts to prevent traffic + from unauthorized sources. Accounts that have at least one IP rule defined + with the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"equals\":\"Enabled\"}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"equals\":\"false\"},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules[*]\"},\"equals\":0}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"equals\":\"\"}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options @@ -16030,9 +18486,9 @@ interactions: '/current')]\",\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\",\"apiVersion\":\"2014-04-01\",\"properties\":{\"status\":\"Enabled\"}}]},\"parameters\":{\"fullDbName\":{\"value\":\"[field('fullName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\"},{\"properties\":{\"displayName\":\"System updates should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Missing security system updates on your servers will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c0f5316d-5ac5-9218-b77a-b96e16ccfd66\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"4ab6e3c5-74dd-8b35-9ab9-f61b30875b27\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -16170,13 +18626,29 @@ interactions: Managed Control 1215 - Least Functionality\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"},{\"properties\":{\"displayName\":\"SQL - servers should be configured with auditing retention days greater than 90 - days.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - SQL servers configured with an auditing retention period of less than 90 days.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + servers should be configured with 90 days auditing retention or higher\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + servers should be configured with 90 days auditing retention or higher.\",\"metadata\":{\"version\":\"2.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89099bee-89e0-4b26-a5f4-165451757743\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid domains to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898e9824-104c-4965-8e0e-5197588fa5d4\"},{\"properties\":{\"displayName\":\"App + Configuration should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"When + using a supported SKU, Azure Private Link lets you connect your virtual network + to Azure services without a public IP address at the source or destination. + The private link platform handles the connectivity between the consumer and + services over the Azure backbone network. By mapping private endpoints to + your app configuration instances instead of the entire service, you'll also + be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/sku.name\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89c8a434-18f0-402c-8147-630a8dea54e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89c8a434-18f0-402c-8147-630a8dea54e0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a29d47b-8604-4667-84ef-90d203fcb305\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -16187,7 +18659,13 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should deploy into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + communication between your containers with Azure Virtual Networks. When you + specify a virtual network, resources within the virtual network can securely + and privately communicate with each other.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"field\":\"Microsoft.ContainerInstance/containerGroups/networkProfile.id\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8af8f826-edcb-4178-b35f-851ea6fea615\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs with a pending reboot\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -16299,7 +18777,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom - workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Microsoft + workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to enable private endpoint connections\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint connection enables private connectivity to your Azure SQL + Database via a private IP address inside a virtual network. This configuration + improves your security posture and supports Azure networking tools and scenarios.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Subnet + to use for Private Endpoints\",\"description\":\"The name of the subnet within + the virtual network that you would like to use for your Private Endpoint Connection + deployment\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].id\",\"exists\":\"false\"}},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/privateEndpointConnections\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"subnetlocation\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"name\":\"[variables('privateEndpointName')]\",\"location\":\"[parameters('subnetlocation')]\",\"properties\":{\"privateLinkServiceConnections\":[{\"name\":\"[parameters('name')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"sqlServer\"],\"privateLinkServiceConnectionState\":{\"status\":\"Approved\",\"description\":\"Auto-approved\",\"actionsRequired\":\"None\"}}}],\"manualPrivateLinkServiceConnections\":[],\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"customDnsConfigs\":[]}}]},\"parameters\":{\"name\":{\"value\":\"[parameters('name')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"subnetlocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e8ca470-d980-4831-99e6-dc70d9f6af87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e8ca470-d980-4831-99e6-dc70d9f6af87\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1517 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8f5ad423-50d6-4617-b058-69908f5586c9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -16522,21 +19008,37 @@ interactions: Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Event + Hub namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91678b7c-d721-4fc5-b179-3cdf74e96b1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91678b7c-d721-4fc5-b179-3cdf74e96b1c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Resource + logs in App Services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + enabling of resource logs on the app. This enables you to recreate activity + trails for investigation purposes if a security incident occurs or your network + is compromised.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91a78b24-f231-4a8a-8da9-02c35b2b6510\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"Deploy + Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Dependency agent to Windows Azure Arc machines if the agent - isn't installed.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\",\"resources\":[{\"type\":\"extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[variables('DaExtensionName')]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[\"[concat('Microsoft.HybridCompute/machines/', - parameters('vmName'))]\"],\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}]}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + isn't installed.\",\"metadata\":{\"version\":\"1.2.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[concat(parameters('vmName'), + '/', variables('DaExtensionName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -16544,9 +19046,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"},{\"properties\":{\"displayName\":\"MFA should be enabled accounts with write permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1290 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -16624,10 +19126,29 @@ interactions: Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault to stream resource logs to a Log + Analytics workspace when any Key Vault which is missing this diagnostic settings + is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKeyVaultDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Key Vault should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AuditEventEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AuditEvent + - Enabled\",\"description\":\"Whether to stream AuditEvent logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AllMetricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AuditEventEnabled\":{\"type\":\"string\"},\"AllMetricsEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('AuditEventEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"AuditEventEnabled\":{\"value\":\"[parameters('AllMetricsEnabled')]\"},\"AllMetricsEnabled\":{\"value\":\"[parameters('AuditEventEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/951af2fa-529b-416e-ab6e-066fd85ac459\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"951af2fa-529b-416e-ab6e-066fd85ac459\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1526 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Authentication + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Automation + accounts should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your Automation + account resources by creating private endpoints instead. Learn more at: https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"955a914f-bf86-4f0e-acd5-e0766b0efcb6\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your web app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they @@ -16694,7 +19215,15 @@ interactions: Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},{\"field\":\"[concat('tags[', parameters('tagName'), ']')]\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f\"],\"operations\":[{\"operation\":\"add\",\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"HPC + Cache accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure HPC Cache with customer-managed keys. By default, + customer data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageCache/caches\"},{\"field\":\"Microsoft.StorageCache/caches/encryptionSettings.keyEncryptionKey.keyUrl\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/970f84d8-71b6-4091-9979-ace7e3fb6dbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"970f84d8-71b6-4091-9979-ace7e3fb6dbb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - MSS (Legacy)'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -16746,11 +19275,13 @@ interactions: Managed Control 1378 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"97fceb70-6983-42d0-9331-18ad8253184d\"},{\"properties\":{\"displayName\":\"Azure - Event Grid domains should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid domains that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid domains should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid domain instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"count\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9830b652-8523-49cc-b1b3-e17dce1127ca\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation only in United States data centers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows @@ -16834,7 +19365,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Azure + Batch account should use customer-managed keys to encrypt data\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Batch account's + data. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/Batch-CMK.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -16881,7 +19420,16 @@ interactions: IaaSAntimalware extension should be deployed on Windows servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to IoT + Hub device provisioning service, you can reduce data leakage risks. Learn + more about private links at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/provisioningServices\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"greaterOrEquals\":1},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotDps\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b75ea5b-c796-4c99-aaaf-21c204daac43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b75ea5b-c796-4c99-aaaf-21c204daac43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1236 - Software Usage Restrictions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"},{\"properties\":{\"displayName\":\"Microsoft @@ -16898,7 +19446,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c284fc0-268a-4f29-af44-3c126674edb4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1135 - Non-Repudiation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cognitive Search service so that it is + not accessible over the public internet. This can reduce data leakage risks. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9cee519f-d9c1-4fd9-9f79-24ec3449ed30\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1489 - Location Of Information System Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9d0a794f-1444-4c96-9534-e35fc8c39c91\"},{\"properties\":{\"displayName\":\"Ensure @@ -16941,8 +19494,8 @@ interactions: Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your - resources.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application + resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application definition for Managed Application should use customer provided storage account\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use your own storage account to control the application definition data when this is a regulatory or compliance requirement. You can choose to store your managed @@ -16995,7 +19548,17 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Configure + Storage account to use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + storage account, you can reduce data leakage risks. Learn more about private + links at - https://aka.ms/azureprivatelinkoverview\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"The subnetId that private endpoint + connections should link to\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Type of sub-resource for the resource selected + above, that your private endpoint will be able to access\"},\"allowedValues\":[\"blob\",\"blob_secondary\",\"table\",\"table_secondary\",\"queue\",\"queue_secondary\",\"file\",\"web\",\"web_secondary\",\"dfs\",\"dfs_secondary\"],\"defaultValue\":\"blob\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"kind\",\"in\":[\"StorageV2\",\"BlobStorage\",\"BlockBlobStorage\",\"FileStorage\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":\"[array(parameters('targetSubResource'))]\",\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f766f00-8d11-464e-80e1-4091d7874074\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f766f00-8d11-464e-80e1-4091d7874074\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1354 - Incident Response Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9fd92c17-163a-4511-bb96-bbb476449796\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -17006,7 +19569,15 @@ interactions: auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search service should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of Azure Cognitive Search, Azure Private Link lets you connect + your virtual network to Azure services without a public IP address at the + source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your Search service, data leakage risks are reduced. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or Deny the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/sku.name\",\"equals\":\"free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a049bf77-880b-470f-ba6d-9f21c530cf83\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1145 - Security Assessments\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a0724970-9c75-4a64-a225-a28002953f28\"},{\"properties\":{\"displayName\":\"Allowed @@ -17039,7 +19610,16 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces/authorizationRules\"},{\"field\":\"name\",\"notEquals\":\"RootManageSharedAccessKey\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1817ec0-a368-432a-8057-8371e17ac6ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Event Hubs supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Event Hub will use to encrypt data in your namespace. Note that Event + Hub only supports encryption with customer-managed keys for namespaces in + dedicated clusters.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},{\"field\":\"Microsoft.EventHub/namespaces/clusterArmId\",\"exists\":\"true\"},{\"not\":{\"field\":\"Microsoft.EventHub/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -17091,7 +19671,15 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Resource + logs in Azure Key Vault Managed HSM should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + recreate activity trails for investigation purposes when a security incident + occurs or when your network is compromised, you may want to audit by enabling + resource logs on Managed HSMs. Please follow the instructions here: https://docs.microsoft.com/azure/key-vault/managed-hsm/logging.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2a5b911-5617-447e-a49e-59dbe0e0434b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2c66299-9017-4d95-8040-8bdbf7901d52\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17111,13 +19699,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1238 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Log + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Configure + Container registries to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Container Registry resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at https://aka.ms/acr/portal/public-network and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3701552-92ea-433e-9d17-33b7f1208fc9\"},{\"properties\":{\"displayName\":\"Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Security Center collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux Azure Monitor agent to enable Azure Monitor assignments + on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux Azure Monitor agent to Linux virtual machines hosted in Azure that are + supported by Azure Monitor. Azure Monitor agent collects events from the virtual + machine that can be used to provide recommendations. Target virtual machines + must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorLinuxAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorLinuxAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorLinuxAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4034bc6-ae50-406d-bf76-50f4ee5a7811\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a450eba6-2efc-4a00-846a-5804a93c6b77\"},{\"properties\":{\"displayName\":\"Audit @@ -17140,10 +19741,83 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"d1db3318-01ff-16de-29eb-28b344515626\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4fe33eb-e377-4efb-ab31-0784311bc499\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1617 - Application Partitioning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Auditing + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to CosmosDB account. + Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Dns Zone Id\",\"description\":\"The private DNS zone to deploy in a new private + DNS zone group and link to the private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Endpoint Group Id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"cosmosDB-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a63cc0bd-cda4-4178-b705-37dc439d3e0f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to an Event Hub to be enabled on Azure Key + Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Event Hub when any Azure Key Vault Managed HSM which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy\"},\"eventHubRuleId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Authorization Rule Id\",\"description\":\"The Event Hub authorization + rule Id for Azure Diagnostics. The authorization rule needs to be at Event + Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource + group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization + rule}\",\"strongType\":\"Microsoft.EventHub/Namespaces/AuthorizationRules\",\"assignPermissions\":true}},\"eventHubLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Location\",\"description\":\"The location the Event Hub resides in. Only + Azure Key Vault Managed HSMs in this location will be linked to this Event + Hub.\",\"strongType\":\"location\"},\"defaultValue\":\"\"},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Event + Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Event Hub - + True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"hsmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('hsmName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + diagnostic settings for ', parameters('hsmName'))]\"}}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"hsmName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6d2c800-5230-4a40-bff3-8268b4987d42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6d2c800-5230-4a40-bff3-8268b4987d42\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using HTTPS secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires HTTPS user and key secrets stored in Key + Vault. For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"httpsUserKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + user name Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS user name.\"},\"defaultValue\":\"\"},\"httpsKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + key Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"httpsUser\":{\"type\":\"securestring\"},\"httpsKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"httpsUser\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsUserKeyVaultSecretName')]\"}},\"httpsKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6f560f4-f582-4b67-b123-a37dcd1bf7ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6f560f4-f582-4b67-b123-a37dcd1bf7ea\"},{\"properties\":{\"displayName\":\"Auditing on SQL server should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing on your SQL Server should be enabled to track database activities across all - databases on the server, except Synapse, and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + databases on the server and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"},{\"properties\":{\"displayName\":\"The Log Analytics agent should be installed on virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -17161,9 +19835,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"},{\"properties\":{\"displayName\":\"Azure DDoS Protection Standard should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"DDoS protection standard should be enabled for all virtual networks with a subnet - that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1570 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7fcf38d-bb09-4600-be7d-825046eb162a\"},{\"properties\":{\"displayName\":\"Require @@ -17228,8 +19902,11 @@ interactions: implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a96f743d-a195-420d-983a-08aa06bc441e\"},{\"properties\":{\"displayName\":\"SQL Managed Instances should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Managed - Instances should avoid using GRS storage for backups if data residency rules - require data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Instances should avoid using the default geo-redundant storage for backups, + if data residency rules require data to stay within a specific region. Note: + Azure Policy is not enforced when creating a database using T-SQL. If not + explicitly specified, database with geo-redundant backup storage is created + via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9934fd7-29f2-4e6d-ab3d-607ea38e9079\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9934fd7-29f2-4e6d-ab3d-607ea38e9079\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -17252,15 +19929,24 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9eae324-d327-4539-9293-b48e122465f8\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with owner permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy is a duplicate of the respective Managed Identity policies. Please use /providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332 instead.\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"App Service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Microsoft + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning instances to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to an IoT Hub device + provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotDps\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices-provisioning.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1539 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aabb155f-e7a5-4896-a767-e918bfae2ee0\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17302,7 +19988,77 @@ interactions: relevant non-compliant assignment and create a remediation task.\\nRepeat this step when you have one or more new subscriptions you want to monitor with Security Center.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Microsoft + Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Deploy + - Configure disaster recovery on virtual machines by enabling replication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual + machines without disaster recovery configurations are vulnerable to outages + and other disruptions. If the virtual machine does not already have disaster + recovery configured, this would initiate the same by enabling replication + using preset configurations to facilitate business continuity. To learn more + about disaster recovery, visit https://aka.ms/asr-doc.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Compute\"},\"parameters\":{\"sourceRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Source + Region\",\"description\":\"Region in which the virtual machine is originally + deployed\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Region\",\"description\":\"Region to be used to deploy the virtual machine + in case of a natural disaster\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Resource Group\",\"description\":\"Resource group to be used to create the + virtual machine in the target region\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Vault + Resource Group\",\"description\":\"The resource group containing the recovery + services vault used for disaster recovery configurations\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Services Vault\",\"description\":\"ID of the recovery services vault to be + used for disaster recovery configurations\",\"strongType\":\"Microsoft.RecoveryServices/vaults\",\"serviceName\":\"ASR\"}},\"recoveryNetworkId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Virtual Network\",\"description\":\"Existing Recovery Virtual Network ID or + name of the Virtual Network to be created in Target Region\",\"strongType\":\"Microsoft.Network/virtualNetworks\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"targetZone\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Availability Zone\",\"description\":\"Availability zone in the designated + target region to be used by virtual machines during disaster\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"equals\":\"[parameters('sourceRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.vhd.uri\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings\",\"exists\":\"false\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"location\",\"equals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones[*]\",\"notEquals\":\"[parameters('targetZone')]\"}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"value\":\"[length(parameters('targetZone'))]\",\"greater\":0}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"false\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Resources/links\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"ASR-Protect-*\"},{\"field\":\"Microsoft.Resources/links/targetId\",\"contains\":\"/replicationProtectedItems/\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"apiVersion\":{\"type\":\"String\"},\"avSetId\":{\"type\":\"String\"},\"dataDiskIds\":{\"type\":\"object\"},\"osDiskId\":{\"type\":\"String\"},\"ppgId\":{\"type\":\"String\"},\"recoveryNetworkId\":{\"type\":\"String\"},\"recoverySubscriptionId\":{\"type\":\"String\"},\"sourceRegion\":{\"type\":\"String\"},\"sourceResourceGroupName\":{\"type\":\"String\"},\"targetRegion\":{\"type\":\"String\"},\"targetResourceGroupName\":{\"type\":\"String\"},\"targetZone\":{\"type\":\"String\"},\"vaultName\":{\"type\":\"String\"},\"vaultResourceGroupName\":{\"type\":\"String\"},\"vmId\":{\"type\":\"String\"},\"vmZones\":{\"type\":\"Object\"}},\"variables\":{\"avSetApiVersion\":\"2019-03-01\",\"deploymentApiVersion\":\"2017-05-10\",\"vmApiVersion\":\"2019-07-01\",\"ppgApiVersion\":\"2019-12-01\",\"portalLinkPrefix\":\"https://portal.azure.com/#@microsoft.onmicrosoft.com/resource\",\"schemaLink\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"defaultAvSet\":\"defaultAvSet-asr\",\"defaultPPG\":\"defaultPPG-asr\",\"eligibilityResultsDefault\":\"default\",\"protectedItemSuffix\":\"-policy\",\"recoveryAvSetPrefix\":\"RecoveryAvSet-\",\"recoveryPPGPrefix\":\"RecoveryPPG-\",\"avSetType\":\"Microsoft.Compute/availabilitySets\",\"deploymentType\":\"Microsoft.Resources/deployments\",\"networkType\":\"Microsoft.Network/virtualNetworks\",\"ppgType\":\"Microsoft.Compute/proximityPlacementGroups\",\"replicationEligibilityResultsType\":\"Microsoft.RecoveryServices/replicationEligibilityResults\",\"storageType\":\"Microsoft.Storage/storageAccounts\",\"vaultType\":\"Microsoft.RecoveryServices/vaults\",\"avSetTemplateName\":\"[concat(variables('recoveryAvSetPrefix'), + last(split(parameters('vmId'), '/')))]\",\"avSetTemplateName64\":\"[if(greater(length(variables('avSetTemplateName')), + 64), substring(variables('avSetTemplateName'), 0, 64), variables('avSetTemplateName'))]\",\"ppgTemplateName\":\"[concat(variables('recoveryPPGPrefix'), + last(split(parameters('vmId'), '/')))]\",\"ppgTemplateName64\":\"[if(greater(length(variables('ppgTemplateName')), + 64), substring(variables('ppgTemplateName'), 0, 64), variables('ppgTemplateName'))]\",\"replicationProtectedIntentTemplateName\":\"[concat('ASR-', + parameters('sourceResourceGroupName'), '-', last(split(parameters('vmId'), + '/')))]\",\"replicationProtectedIntentTemplateName64\":\"[if(greater(length(variables('replicationProtectedIntentTemplateName')), + 64), substring(variables('replicationProtectedIntentTemplateName'), 0, 64), + variables('replicationProtectedIntentTemplateName'))]\",\"vmDataDiskIds\":\"[array(parameters('dataDiskIds').rawValue)]\",\"vmDiskCount\":\"[add(length(variables('vmDataDiskIds')), + int(1))]\",\"diskIds\":\"[concat(array(parameters('osDiskId')), array(parameters('dataDiskIds').rawValue))]\",\"vaultId\":\"[resourceId(parameters('vaultResourceGroupName'), + variables('vaultType'), parameters('vaultName'))]\",\"eligibilityResultsId\":\"[extensionResourceId(parameters('vmId'), + variables('replicationEligibilityResultsType'), variables('eligibilityResultsDefault'))]\",\"protectedIntentName\":\"[concat(parameters('vaultName'), + '/', guid(resourceGroup().id, last(split(parameters('vmId'), '/'))), variables('protectedItemSuffix'))]\",\"recoveryAvSetName\":\"[if(empty(parameters('avSetId')), + variables('defaultAvSet'), concat(last(split(parameters('avSetId'), '/')), + '-asr'))]\",\"recoveryAvSetId\":\"[if(empty(parameters('avSetId')), '', resourceId(parameters('targetResourceGroupName'), + variables('avSetType'), variables('recoveryAvSetName')))]\",\"recoveryAvType\":\"[if(not(empty(parameters('avSetId'))), + 'AvailabilitySet', if(greater(length(parameters('vmZones').rawValue), 0), + 'AvailabilityZone', 'Single'))]\",\"recoveryAvZone\":\"[if(greater(length(parameters('vmZones').rawValue), + 0), parameters('targetZone'), '')]\",\"recoveryPPGName\":\"[if(empty(parameters('ppgId')), + variables('defaultPPG'), concat(last(split(parameters('ppgId'), '/')), '-asr'))]\",\"recoveryPPGId\":\"[if(empty(parameters('ppgId')), + '', resourceId(parameters('targetResourceGroupName'), variables('ppgType'), + variables('recoveryPPGName')))]\",\"targetResourceGroupId\":\"[concat('/subscriptions/', + parameters('recoverySubscriptionId'), '/resourceGroups/', parameters('targetResourceGroupName'))]\"},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('ppgTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"type\":\"[variables('ppgType')]\",\"name\":\"[variables('recoveryPPGName')]\",\"apiVersion\":\"[variables('ppgApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"properties\":{\"proximityPlacementGroupType\":\"[if(empty(parameters('ppgId')), + 'Standard', reference(parameters('ppgId'), variables('ppgApiVersion')).proximityPlacementGroupType)]\"}}]},\"parameters\":{}}},{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('avSetTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"type\":\"[variables('avSetType')]\",\"sku\":{\"name\":\"[if(empty(parameters('avSetId')), + 'Aligned', reference(parameters('avSetId'), variables('avSetApiVersion'), + 'Full').sku.name)]\"},\"name\":\"[variables('recoveryAvSetName')]\",\"apiVersion\":\"[variables('avSetApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"tags\":{},\"properties\":{\"platformUpdateDomainCount\":\"[if(empty(parameters('avSetId')), + '5', reference(parameters('avSetId'), variables('avSetApiVersion')).platformUpdateDomainCount)]\",\"platformFaultDomainCount\":\"[if(empty(parameters('avSetId')), + '2', reference(parameters('avSetId'), variables('avSetApiVersion')).platformFaultDomainCount)]\",\"proximityPlacementGroup\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"id\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\"}}]},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\"]},{\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('replicationProtectedIntentTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('vaultResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/replicationProtectionIntents\",\"name\":\"[variables('protectedIntentName')]\",\"apiVersion\":\"[parameters('apiVersion')]\",\"properties\":{\"providerSpecificDetails\":{\"instanceType\":\"A2A\",\"fabricObjectId\":\"[parameters('vmId')]\",\"primaryLocation\":\"[parameters('sourceRegion')]\",\"recoveryLocation\":\"[parameters('targetRegion')]\",\"recoverySubscriptionId\":\"[parameters('recoverySubscriptionId')]\",\"recoveryAvailabilityType\":\"[variables('recoveryAvType')]\",\"recoveryAvailabilityZone\":\"[variables('recoveryAvZone')]\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\",\"recoveryAvailabilitySetCustomInput\":\"[if(empty(parameters('avSetId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryAvailabilitySetId\\\"', ':', '\\\"', variables('recoveryAvSetId'), + '\\\"', '}')))]\",\"recoveryProximityPlacementGroupCustomInput\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryProximityPlacementGroupId\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\",\"recoveryVirtualNetworkCustomInput\":\"[if(contains(parameters('recoveryNetworkId'), + '/'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryVirtualNetworkId\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"New\\\",', + '\\\"recoveryVirtualNetworkName\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')))]\",\"vmDisks\":[],\"copy\":[{\"name\":\"vmManagedDisks\",\"count\":\"[variables('vmDiskCount')]\",\"input\":{\"diskId\":\"[if(equals(copyIndex('vmManagedDisks'), + int(0)), reference(parameters('vmId'), variables('vmApiVersion')).storageProfile.osDisk.managedDisk.Id, + variables('vmDataDiskIds')[sub(copyIndex('vmManagedDisks'), int(1))])]\",\"recoveryResourceGroupCustomInput\":{\"resourceType\":\"Existing\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\"}}}]}}}],\"outputs\":{\"vmName\":{\"value\":\"[last(split(parameters('vmId'), + '/'))]\",\"type\":\"string\"},\"availabilitySetUrl\":{\"value\":\"[if(empty(parameters('avSetId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryAvSetId')))]\",\"type\":\"string\"},\"proximityPlacementGroupUrl\":{\"value\":\"[if(empty(parameters('ppgId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryPPGId')))]\",\"type\":\"string\"},\"replicationEligibilityResults\":{\"value\":\"[reference(variables('eligibilityResultsId'), + parameters('apiVersion'))]\",\"type\":\"Object\"}}},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\",\"[variables('avSetTemplateName64')]\"]}],\"outputs\":{}},\"parameters\":{\"apiVersion\":{\"value\":\"2018-07-10\"},\"avSetId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/availabilitySet.id')]\"},\"dataDiskIds\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\"emptyArray\":[]}},\"osDiskId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"},\"ppgId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/proximityPlacementGroup.id')]\"},\"recoveryNetworkId\":{\"value\":\"[parameters('recoveryNetworkId')]\"},\"recoverySubscriptionId\":{\"value\":\"[subscription().subscriptionId]\"},\"sourceRegion\":{\"value\":\"[parameters('sourceRegion')]\"},\"sourceResourceGroupName\":{\"value\":\"[resourcegroup().Name]\"},\"targetRegion\":{\"value\":\"[parameters('targetRegion')]\"},\"targetResourceGroupName\":{\"value\":\"[last(split(parameters('targetResourceGroupId'), + '/'))]\"},\"targetZone\":{\"value\":\"[parameters('targetZone')]\"},\"vaultName\":{\"value\":\"[last(split(parameters('vaultId'), + '/'))]\"},\"vaultResourceGroupName\":{\"value\":\"[last(split(parameters('vaultResourceGroupId'), + '/'))]\"},\"vmId\":{\"value\":\"[field('id')]\"},\"vmZones\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/zones')]\",\"emptyArray\":[]}}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac34a73f-9fa5-4067-9247-a3ecae514468\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac34a73f-9fa5-4067-9247-a3ecae514468\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -17312,7 +20068,26 @@ interactions: Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"Configure + Synapse workspaces to have auditing enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure the operations performed against your SQL assets are captured, Synapse + workspaces should have auditing enabled. This is sometimes required for compliance + with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"Integer\",\"metadata\":{\"description\":\"The + value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention + days (optional, 180 days if unspecified)\"},\"defaultValue\":180},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name for storage accounts\",\"description\":\"Auditing writes database + events to an audit log in your Azure Storage account (a storage account will + be created in each region where a Synapse workspace is created that will be + shared by all Synapse workspaces in that region). Important - for proper operation + of Auditing do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"workspaceName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"int\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[parameters('auditRetentionDays')]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), + 0, 3)]\",\"storageName\":\"[tolower(concat('workspaceaudit', variables('locationCode'), + variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('workspaceAuditingStorageAccount-', + uniqueString(variables('locationCode'), deployment().name))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure Synapse workspaces to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('workspaceName'), + '/Default')]\",\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"workspaceName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Tags\",\"deprecated\":true},\"parameters\":{},\"policyRule\":{\"if\":{\"not\":{\"field\":\"tags['environment']\",\"in\":[\"production\",\"dev\",\"test\",\"staging\"]}},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17335,11 +20110,14 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1598 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Virtual - machines should have the Guest Configuration extension\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - machines in Azure that do not have the Guest Configuration extension are Noncompliant. - The extension is required to audit or configure settings inside Azure virtual - machines. For more information about Guest Configuration, see https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Guest + Configuration extension should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure configurations of in-guest settings of your machine, install + the Guest Configuration extension. In-guest settings that the extension monitors + include the configuration of the operating system, application configuration + or presence, and environment settings. Once installed, in-guest policies will + be available such as 'Windows Exploit guard should be enabled'. Learn more + at https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\",\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae89ebca-1c92-4898-ac2c-9f63decb045c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced @@ -17367,9 +20145,9 @@ interactions: against which this policy will be evaluated.\"},\"allowedValues\":[\"Standard\"],\"defaultValue\":[\"Standard\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppPlatform/Spring\"},{\"field\":\"Microsoft.AppPlatform/Spring/sku.tier\",\"in\":\"[parameters('evaluatedSkuNames')]\"},{\"field\":\"Microsoft.AppPlatform/Spring/networkProfile.serviceRuntimeSubnetId\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af35e2a4-ef96-44e7-a9ae-853dd97032c4\"},{\"properties\":{\"displayName\":\"Monitor missing Endpoint Protection in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers without an installed Endpoint Protection agent will be monitored by Azure - Security Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Security Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: Monitor unaudited SQL servers in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced @@ -17393,13 +20171,27 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b07c9b24-729e-4e85-95fc-f224d2d08a80\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1711 - Security Function Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Management + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should be injected into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Injecting + Azure HDInsight clusters in a virtual network unlocks advanced HDInsight networking + and security features and provides you with control over your network security + configuration.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"count\":{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.id\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.subnet\",\"exists\":false}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0ab5b05-1c98-40f7-bb9e-dc568e41b501\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0ab5b05-1c98-40f7-bb9e-dc568e41b501\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints connect to Azure SignalR + Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure SignalR + Service resource. Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"description\":\"Private DNS zone to integrate with private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"defaultValue\":\"privatelink.service.signalr.net\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"signalr\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-service-signalr-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0e86710-7fb7-4a6c-a064-32e9b829509e\"},{\"properties\":{\"displayName\":\"Management ports of virtual machines should be protected with just-in-time network access control\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Possible network Just In Time (JIT) access will be monitored by Azure Security Center - as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1571 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b11c985b-f2cd-4bd7-85f4-b52426edf905\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -17415,8 +20207,10 @@ interactions: implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"},{\"properties\":{\"displayName\":\"SQL Database should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Databases - should avoid using GRS storage for backups if data residency rules require - data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + should avoid using the default geo-redundant storage for backups, if data + residency rules require data to stay within a specific region. Note: Azure + Policy is not enforced when creating a database using T-SQL. If not explicitly + specified, database with geo-redundant backup storage is created via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},{\"field\":\"Microsoft.Sql/servers/databases/edition\",\"notEquals\":\"DataWarehouse\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1091 - Security Awareness Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -17468,7 +20262,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[SecureWebServer]s1;MinimumTLSVersion\",\"value\":\"[parameters('MinimumTLSVersion')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is deployed for the indicated Storage Sync Service resource. + This enables you to address your Storage Sync Service resource from within + the private IP address space of your organization's network, rather than through + the internet-accessible public endpoint. The existence of one or more private + endpoints by themselves does not disable the public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet with private endpoint network policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"afs\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b35dddd9-daf7-423b-8375-5a5b86806d5a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b35dddd9-daf7-423b-8375-5a5b86806d5a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -17476,20 +20278,36 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to a Log Analytics workspace to be enabled + on Azure Key Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Log Analytics workspace when any Azure Key Vault Managed HSM which is missing + this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + to send log to. If this workspace is outside of the scope of the assignment + you must manually grant 'Log Analytics Contributor' permissions (or similar) + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3884c81-31aa-473d-a9bb-9466fe0ec2a0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3884c81-31aa-473d-a9bb-9466fe0ec2a0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3d8d15b-627a-4219-8c96-4d16f788888b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1380 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Resource logs in Search services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1172 - Internal System Connections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b43e946e-a4c8-4b92-8201-4a39331db43c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17526,22 +20344,32 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsShutdown\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: - Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"A - security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter + Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"Azure + Stack Edge devices should use double-encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + secure the data at rest on the device, ensure it's double-encrypted, the access + to data is controlled, and once the device is deactivated, the data is securely + erased off the data disks. Double encryption is the use of two layers of encryption: + BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption + of the hard drives. Learn more in the security overview documentation for + the specific Stack Edge device.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + Stack Edge\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBoxEdge/DataBoxEdgeDevices\"},{\"field\":\"Microsoft.DataboxEdge/DataBoxEdgeDevices/sku.name\",\"notIn\":[\"TEA_1Node\",\"TEA_1Node_UPS\",\"TEA_1Node_Heater\",\"TEA_1Node_UPS_Heater\",\"TEA_4Node_Heater\",\"TEA_4Node_UPS_Heater\",\"TMA\",\"EdgePR_Base\",\"EdgePR_Base_UPS\",\"EdgeMR_Mini\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4ac1030-89c5-4697-8e00-28b5ba6a8811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4ac1030-89c5-4697-8e00-28b5ba6a8811\"},{\"properties\":{\"displayName\":\"[Deprecated]: + A security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter a phone number to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft + compromised resources - This policy is deprecated because phone numbers are + no longer used in any scenario by Azure Security Center\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for PostgreSQL can only be accessed from a private endpoint. This - configuration strictly disables access from any public address space outside - of Azure IP range, and denies all logins that match IP or virtual network-based - firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b52376f7-9612-48a1-81cd-1ffe4b61032c\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should only use Azure Active Directory for client authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit usage of client authentication only via Azure Active Directory in Service @@ -17556,7 +20384,16 @@ interactions: enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts with private endpoints \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + CosmosDB account, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet in the location\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointGroupId\",\"description\":\"A + group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"privateEndpointGroupId\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"String\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"[parameters('privateEndpointGroupId')]\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b609e813-3156-4079-91fa-a8494c1471c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b609e813-3156-4079-91fa-a8494c1471c4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6747bf9-2b97-45b8-b162-3c8becb9937d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17572,17 +20409,53 @@ interactions: at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you - understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit + understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit if Network Watcher is not enabled for region(s).\",\"strongType\":\"location\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"NetworkWatcher resource group name\",\"description\":\"Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers - are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft + are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1608 - Supply Chain Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1401 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"API + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for SQL Databases to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for SQL Databases to stream resource logs to a Log + Analytics workspace when any SQL Database which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"SQLDatabaseDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select the Log Analytics workspace + from dropdown list\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreRuntimeStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreRuntimeStatistics + logs to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreWaitStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"ErrorsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Errors + - Enabled\",\"description\":\"Whether to stream Errors logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"DatabaseWaitStatistics + - Enabled\",\"description\":\"Whether to stream DatabaseWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"BlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Blocks + - Enabled\",\"description\":\"Whether to stream Blocks logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLInsightsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLInsights + - Enabled\",\"description\":\"Whether to stream SQLInsights logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLSecurityAuditEvents + - Enabled\",\"description\":\"Whether to stream SQLSecurityAuditEvents logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"TimeoutsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Timeouts + - Enabled\",\"description\":\"Whether to stream Timeouts logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AutomaticTuningEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AutomaticTuning + - Enabled\",\"description\":\"Whether to stream AutomaticTuning logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DeadlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Deadlocks + - Enabled\",\"description\":\"Whether to stream Deadlocks logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Basic\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Basic + (metric) - Enabled\",\"description\":\"Whether to stream Basic metrics to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"InstanceAndAppAdvanced\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"InstanceAndAppAdvanced + (metric) - Enabled\",\"description\":\"Whether to stream InstanceAndAppAdvanced + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"WorkloadManagement\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"WorkloadManagement + (metric) - Enabled\",\"description\":\"Whether to stream WorkloadManagement + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"matchInsensitively\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Basic\":{\"type\":\"string\"},\"InstanceAndAppAdvanced\":{\"type\":\"string\"},\"WorkloadManagement\":{\"type\":\"string\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"string\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"string\"},\"ErrorsEnabled\":{\"type\":\"string\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"string\"},\"BlocksEnabled\":{\"type\":\"string\"},\"SQLInsightsEnabled\":{\"type\":\"string\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"string\"},\"TimeoutsEnabled\":{\"type\":\"string\"},\"AutomaticTuningEnabled\":{\"type\":\"string\"},\"DeadlocksEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Basic\",\"enabled\":\"[parameters('Basic')]\"},{\"category\":\"InstanceAndAppAdvanced\",\"enabled\":\"[parameters('InstanceAndAppAdvanced')]\"},{\"category\":\"WorkloadManagement\",\"enabled\":\"[parameters('WorkloadManagement')]\"}],\"logs\":[{\"category\":\"SQLInsights\",\"enabled\":\"[parameters('SQLInsightsEnabled')]\"},{\"category\":\"AutomaticTuning\",\"enabled\":\"[parameters('AutomaticTuningEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},{\"category\":\"Errors\",\"enabled\":\"[parameters('ErrorsEnabled')]\"},{\"category\":\"DatabaseWaitStatistics\",\"enabled\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},{\"category\":\"Timeouts\",\"enabled\":\"[parameters('TimeoutsEnabled')]\"},{\"category\":\"Blocks\",\"enabled\":\"[parameters('BlocksEnabled')]\"},{\"category\":\"Deadlocks\",\"enabled\":\"[parameters('DeadlocksEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"Basic\":{\"value\":\"[parameters('Basic')]\"},\"InstanceAndAppAdvanced\":{\"value\":\"[parameters('InstanceAndAppAdvanced')]\"},\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"WorkloadManagement\":{\"value\":\"[parameters('WorkloadManagement')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},\"QueryStoreWaitStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},\"ErrorsEnabled\":{\"value\":\"[parameters('ErrorsEnabled')]\"},\"DatabaseWaitStatisticsEnabled\":{\"value\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},\"BlocksEnabled\":{\"value\":\"[parameters('BlocksEnabled')]\"},\"SQLInsightsEnabled\":{\"value\":\"[parameters('SQLInsightsEnabled')]\"},\"SQLSecurityAuditEventsEnabled\":{\"value\":\"[parameters('SQLSecurityAuditEventsEnabled')]\"},\"TimeoutsEnabled\":{\"value\":\"[parameters('TimeoutsEnabled')]\"},\"AutomaticTuningEnabled\":{\"value\":\"[parameters('AutomaticTuningEnabled')]\"},\"DeadlocksEnabled\":{\"value\":\"[parameters('DeadlocksEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b79fa14e-238a-4c2d-b376-442ce508fc84\"},{\"properties\":{\"displayName\":\"API App should only be accessible over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App @@ -17606,7 +20479,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;Members\",\"value\":\"[parameters('Members')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Event Hub namespaces, data + leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b8564268-eb4a-4337-89be-a19db070c59d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -17659,17 +20540,27 @@ interactions: category: 'Security Options - Recovery console'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsRecoveryconsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should be encrypted with a customer-managed key - (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have encryption enabled with - customer-managed keys (CMK). Customer-managed keys add an additional layer - of security for workspaces. For more information, visit https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Machine + Machine Learning workspaces should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"not\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/encryption.status\",\"equals\":\"enabled\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba769a63-b8cc-4b2d-abf6-ac33c7204be8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"topic\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"topic-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baf19753-7502-405f-8745-370519b20483\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1726 - Information Handling And Retention\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17682,9 +20573,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your non-internet-facing virtual machines from potential threats by restricting access with network security groups (NSG). Learn more about controlling traffic - with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -17775,15 +20666,33 @@ interactions: IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be - reviewed by the network security team.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + reviewed by the network security team.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"Container + registries should have SKUs that support Private Links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your container registries + instead of the entire service, data leakage risks are reduced. Learn more + at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"notEquals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\"},{\"properties\":{\"displayName\":\"[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"SQL\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for DNS should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for DNS provides an additional layer of protection for your cloud + resources by continuously monitoring all DNS queries from your Azure resources. + Azure Defender alerts you about suspicious activity at the DNS layer. Learn + more about the capabilities of Azure Defender for DNS at https://aka.ms/defender-for-dns + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Dns\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bdc59948-5574-49b3-bb91-76b7c986428d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bdc59948-5574-49b3-bb91-76b7c986428d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -17815,15 +20724,13 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NumberOfDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Number of days\",\"description\":\"The number of days without restart until the machine is considered non-compliant\"},\"defaultValue\":\"12\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', - '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Audit - Windows machines on which Windows Defender Exploit Guard is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the PowerShell command - Get-MPPreference returns configuration details that does not match expected - values. Windows Defender Exploit Guard helps protect against malware that - uses exploits to infect devices and spread. Exploit Guard protection consists - of a number of mitigations that can be applied to either the operating system - or individual apps.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Windows + Defender Exploit Guard should be enabled on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows + Defender Exploit Guard uses the Azure Policy Guest Configuration agent. Exploit + Guard has four components that are designed to lock down devices against a + wide variety of attack vectors and block behaviors commonly used in malware + attacks while enabling enterprises to balance their security risk and productivity + requirements (Windows only).\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NotAvailableMachineState\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Status if Windows Defender is not available on machine\",\"description\":\"Windows @@ -17866,7 +20773,17 @@ interactions: Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is a private IP address allocated inside a customer-owned + virtual network via which an Azure resource is reachable. This policy deploys + a private endpoint for your IoT hub to allow services inside your virtual + network to reach IoT Hub without requiring traffic to be sent to IoT Hub's + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotHub\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf684997-3909-404e-929c-d4a38ed23b2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf684997-3909-404e-929c-d4a38ed23b2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -17891,7 +20808,55 @@ interactions: Group Membership;ExpectedValue\",\"value\":\"[parameters('AuditGroupMembership')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Only + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using SSH secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires a SSH private key secret in Key Vault. + For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"sshKnownHostsContents\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Base64-encoded + known hosts content\",\"description\":\"The base64-encoded known hosts content.\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"sshPrivateKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SSH + private key Key Vault secret\",\"description\":\"The name of the Key Vault + secret that holds the base64-encoded SSH private key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/sshKnownHostsContents\",\"equals\":\"[parameters('sshKnownHostsContents')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"sshKnownHostsContents\":{\"type\":\"string\"},\"sshPrivateKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":{\"value\":\"[parameters('sshKnownHostsContents')]\"},\"sshPrivateKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('sshPrivateKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c050047b-b21b-4822-8a2d-c1e37c3c0c6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c050047b-b21b-4822-8a2d-c1e37c3c0c6a\"},{\"properties\":{\"displayName\":\"Configure + private endpoint connections on Azure Automation accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Azure Automation accounts without a need for public IP addresses at the + source or destination. Learn more about private endpoints in Azure Automation + at https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Webhook\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}},{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"DSCAndHybridWorker\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c0c3130e-7dda-4187-aed0-ee4a472eaa60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c0c3130e-7dda-4187-aed0-ee4a472eaa60\"},{\"properties\":{\"displayName\":\"Only approved VM extensions should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy governs the virtual machine extensions that are not approved.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"approvedExtensions\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -18037,7 +21002,8 @@ interactions: for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, - verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure Defender for container registries should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Defender for container registries provides vulnerability scanning of any images pulled within the last 30 days, pushed to your registry, or imported, and @@ -18068,19 +21034,37 @@ interactions: Box\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"supportedSKUs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Supported SKUs\",\"description\":\"The list of SKUs that support software-based double - encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Microsoft + encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Azure + Key Vault Managed HSM should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + deletion of an Azure Key Vault Managed HSM can lead to permanent data loss. + A malicious insider in your organization can potentially delete and purge + Azure Key Vault Managed HSM. Purge protection protects you from insider attacks + by enforcing a mandatory retention period for soft deleted Azure Key Vault + Managed HSM. No one inside your organization or Microsoft will be able to + purge your Azure Key Vault Managed HSM during the soft delete retention period.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/managedHsms/enableSoftDelete\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.KeyVault/managedHsms/enablePurgeProtection\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39ba22d-4428-4149-b981-70acb31fc383\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1389 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39e6fda-ae70-4891-a739-be7bba6d1062\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"System + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for Resource Manager should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for Resource Manager automatically monitors the resource management + operations in your organization. Azure Defender detects threats and alerts + you about suspicious activity. Learn more about the capabilities of Azure + Defender for Resource Manager at https://aka.ms/defender-for-resource-manager + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Arm\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3d20c29-b36d-48fe-808b-99a87530ad99\"},{\"properties\":{\"displayName\":\"System updates on virtual machine scale sets should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine - scale sets are secure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + scale sets are secure.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -18110,9 +21094,9 @@ interactions: implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4aff9e7-2e60-46fa-86be-506b79033fc5\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your API App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they @@ -18272,27 +21256,25 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c69b870e-857b-458b-af02-bb234f7a00d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"Deploy + Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific - categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Profile name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Log Analytics workspace\",\"description\":\"Select Log Analytics workspace - from dropdown list. If this workspace is outside of the scope of the assignment + categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select Log Analytics workspace from + dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Name\",\"description\":\"Name of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Value\",\"description\":\"Value of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Name\",\"description\":\"Name of the tag to use for excluding vaults from + this policy. This should be used along with the Exclusion Tag Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Value\",\"description\":\"Value of the tag to use for excluding vaults + from this policy. This should be used along with the Exclusion Tag Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allof\":[{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"allof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Category\",\"in\":[\"CoreAzureBackup\",\"AddonAzureBackupJobs\",\"AddonAzureBackupAlerts\",\"AddonAzureBackupPolicy\",\"AddonAzureBackupStorage\",\"AddonAzureBackupProtectedInstance\"]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Enabled\",\"equals\":\"True\"}]}},\"Equals\":6},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType\",\"equals\":\"Dedicated\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vaultName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"logAnalyticsDestinationType\":\"Dedicated\",\"metrics\":[],\"logs\":[{\"category\":\"CoreAzureBackup\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupAlerts\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupJobs\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupPolicy\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupProtectedInstance\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupStorage\",\"enabled\":\"true\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), - 'configured for diagnostic logs for ', ': ', parameters('vaultName'), '/', - 'Microsoft.Insights/', parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft + 'configured for resource logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', + parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1619 - Information In Shared Resources\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c722e569-cb52-45f3-a643-836547d016e1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18356,15 +21338,15 @@ interactions: This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Resource logs in Data Lake Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -18386,6 +21368,17 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c96f3246-4382-4264-bf6b-af0b35e23c3c\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private DNS provides a reliable, secure DNS service to manage and resolve + domain names in a virtual network without the need to add a custom DNS solution. + You can use private DNS zones to override the DNS resolution by using your + own custom domain names for a private endpoint. This policy deploys a private + DNS Zone for IoT Hub private endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotHub\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy automatically deploys diagnostic settings to network security groups. A storage account with name '{storagePrefixParameter}{NSGLocation}' will be @@ -18406,11 +21399,30 @@ interactions: network rules. These services will then use strong authentication to access the storage account.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"notContains\":\"AzureServices\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9d007d0-c057-4772-b18c-01e546713bcd\"},{\"properties\":{\"displayName\":\"App - Configuration should use a private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - endpoint connections allow clients on a virtual network to securely access - Azure App Configuration over a private link.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App + Configuration should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your app configuration instances + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows Azure Monitor agent to enable Azure Monitor assignments + on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows Azure Monitor agent to Windows virtual machines hosted in Azure that + are supported by Azure Monitor. Azure Monitor agent collects events from the + virtual machine that can be used to provide recommendations. Target virtual + machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorWindowsAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorWindowsAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca817e41-e85a-4783-bc7f-dc532d36235e\"},{\"properties\":{\"displayName\":\"Managed + disks should be double encrypted with both platform-managed and customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"High + security sensitive customers who are concerned of the risk associated with + any particular encryption algorithm, implementation, or key being compromised + can opt for additional layer of encryption using a different encryption algorithm/mode + at the infrastructure layer using platform managed encryption keys. The disk + encryption sets are required to use double encryption. Learn more at https://aka.ms/disks-doubleEncryption.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/diskEncryptionSets\"},{\"field\":\"Microsoft.Compute/diskEncryptionSets/encryptionType\",\"notEquals\":\"EncryptionAtRestWithPlatformAndCustomerKeys\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca91455f-eace-4f96-be59-e6e2c35b4816\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca94b046-45e2-444f-a862-dc8ce262a516\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18456,9 +21468,9 @@ interactions: Sensitive data in your SQL databases should be classified\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive - data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Security + data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"3.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed virtual machine size SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Compute\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -18488,12 +21500,12 @@ interactions: Managed Control 1104 - Audit Events\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdd8d244-18b2-4306-a1d1-df175ae0935f\"},{\"properties\":{\"displayName\":\"Deploy - export to Event Hub for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Event Hub of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Event Hub configuration with your conditions - and target Event Hub on the assigned scope. To deploy this policy on newly - created subscriptions, open the Compliance tab, select the relevant non-compliant - assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Event Hub for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Event Hub of Azure Security Center data. This policy deploys an + export to Event Hub configuration with your conditions and target Event Hub + on the assigned scope. To deploy this policy on newly created subscriptions, + open the Compliance tab, select the relevant non-compliant assignment and + create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group @@ -18501,17 +21513,20 @@ interactions: group can only have one export to Event Hub configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Event Hub configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -18522,30 +21537,52 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event Hub details\",\"description\":\"The Event Hub details of where the data should be exported to: Subscription, Event Hub Namespace, Event Hub, and Authorizations - rules with 'Send' claim. If you do not already have an event hub, visit Event - Hubs to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.EventHub%2Fnamespaces).\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + rules with 'Send' claim.\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"SeperatedEventHubDetails\":\"[split(parameters('eventHubDetails'),'/')]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"exportToEventHub\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Event Hub via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', @@ -18554,7 +21591,7 @@ interactions: '/', variables('SeperatedEventHubDetails')[3], '/', variables('SeperatedEventHubDetails')[4], '/', variables('SeperatedEventHubDetails')[5], '/', variables('SeperatedEventHubDetails')[6], '/', variables('SeperatedEventHubDetails')[7], '/', variables('SeperatedEventHubDetails')[8], - '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -18584,15 +21621,15 @@ interactions: Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Resource logs in Key Vault should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Key + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -18600,15 +21637,15 @@ interactions: Managed Control 1724 - Error Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d07594d1-0307-4c08-94db-5d71ff31f0f6\"},{\"properties\":{\"displayName\":\"Container - registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have any network or firewall (IP) rules configured - and so allow all network access by default. Restricting network access protects - container registries from potential threats. Container registries with at - least one IP / firewall rule or configured virtual network are deemed compliant. - For more information on Container Registry network rules, visit: https://aka.ms/acr/portal/public-network - and https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn't have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1084 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"},{\"properties\":{\"displayName\":\"Add @@ -18645,12 +21682,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d1e1d65c-1013-4484-bd54-991332e6a0d2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Guest - Configuration extension should be deployed to Azure virtual machines with - system assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Virtual + machines' Guest Configuration extension should be deployed with system-assigned + managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The Guest Configuration extension requires a system assigned managed identity. - This policy will report instances of the extension as non-compliant when the - machine where it is installed does not have a system assigned managed identity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Azure virtual machines in the scope of this policy will be non-compliant when + they have the Guest Configuration extension installed but do not have a system + assigned managed identity. Learn more at https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines/extensions\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines\",\"name\":\"[first(split(field('fullName'), '/'))]\",\"existenceCondition\":{\"field\":\"identity.type\",\"contains\":\"SystemAssigned\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d26f7642-7545-4e18-9b75-8c9bbdee3a9a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18660,7 +21698,15 @@ interactions: Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"domain\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"domain-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d389df0a-e0d7-4607-833c-75a6fdac2c2d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows VMs on which @@ -18710,7 +21756,16 @@ interactions: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\"like\":\"[concat(parameters('virtualNetworkId'),'/*')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d416745a-506c-48b6-8ab1-83cb814bcaa3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1383 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Managed + disks should use a specific set of disk encryption sets for the customer-managed + key encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requiring + a specific set of disk encryption sets to be used with managed disks give + you control over the keys used for encryption at rest. You are able to select + the allowed encrypted sets and all others are rejected when attached to a + disk. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"allowedEncryptionSets\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + disk encryption set\",\"description\":\"The list of allowed disk encryption + sets for managed disks.\",\"strongType\":\"Microsoft.Compute/diskEncryptionSets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d461a302-a187-421a-89ac-84acdb4edc04\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Interactive Logon'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Interactive Logon' for displaying last user name and requiring ctrl-alt-del. @@ -18722,7 +21777,16 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsInteractiveLogon\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d472d2c9-d6a3-4500-9f5f-b15f123005aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d472d2c9-d6a3-4500-9f5f-b15f123005aa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs for Application Insights should be linked to a Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + the Application Insights component to a Log Analytics workspace for logs encryption. + Customer-managed keys are commonly required to meet regulatory compliance + and for more control over the access to your data in Azure Monitor. Linking + your component to a Log Analytics workspace that's enabled with a customer-managed + key, ensures that your Application Insights logs meet this compliance requirement, + see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/components\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"equals\":\"\"},{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"exists\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d550e854-df1a-4de9-bf44-cd894b39a95e\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic @@ -18825,7 +21889,23 @@ interactions: auditing Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that IoT Hub device provisioning + service instance isn't exposed on the public internet. Creating private endpoints + can limit exposure of the IoT Hub device provisioning instances. Learn more + at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d82101f3-f3ce-4fc5-8708-4c09f4009546\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d82101f3-f3ce-4fc5-8708-4c09f4009546\"},{\"properties\":{\"displayName\":\"Configure + Container registries with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + premium container registry resources, you can reduce data leakage risks. Learn + more at: https://aka.ms/privateendpoints and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"registry\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d85c6833-7d33-4cf5-a915-aaa2de84405f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d85c6833-7d33-4cf5-a915-aaa2de84405f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d8b43277-512e-40c3-ab00-14b3b6e72238\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18835,13 +21915,19 @@ interactions: Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d922484a-8cfc-4a6b-95a4-77d6a685407f\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MySQL can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption in transit to encrypt communication + between Azure HDInsight cluster nodes\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission between Azure HDInsight cluster nodes. + Enabling encryption in transit addresses problems of misuse and tampering + during this transmission.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9da03a1-f3c3-412a-9709-947156872263\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9da03a1-f3c3-412a-9709-947156872263\"},{\"properties\":{\"displayName\":\"Audit Windows machines that do not store passwords using reversible encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines @@ -18855,7 +21941,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3bfb53-9c46-4010-b3db-a7ba1296dada\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1516 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to disable public network access \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your CosmosDB resource so that it's not accessible + over the public internet. This can reduce data leakage risks. Learn more at: + https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2021-01-15')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da69ba51-aaf1-41e5-8651-607cd0b37088\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Batch Account to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created @@ -18876,7 +21969,23 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"ServiceLog\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Logic + Apps should be deployed into Integration Service Environment\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploying + Logic Apps into Integration Service Environment in a virtual network unlocks + advanced Logic Apps networking and security features and provides you with + greater control over your network configuration. Learn more at: https://aka.ms/integration-service-environment. + Deploying into Integration Service Environment also allows encryption with + customer-managed keys which provides enhanced data protection by allowing + you to manage your encryption keys. This is often to meet compliance requirements.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},{\"field\":\"Microsoft.Logic/workflows/integrationServiceEnvironment\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc595cb1-1cde-45f6-8faf-f88874e1c0e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc595cb1-1cde-45f6-8faf-f88874e1c0e1\"},{\"properties\":{\"displayName\":\"Web + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a web app should be located on an Azure file share. The + storage account information for the file share must be provided before any + publishing activity. To learn more about using Azure Files for hosting app + service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dcbc65aa-59f3-4239-8978-3bb869d82604\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dcbc65aa-59f3-4239-8978-3bb869d82604\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1439 - Media Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18954,7 +22063,24 @@ interactions: DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deacecc0-9f84-44d2-bb82-46f32d766d43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1528 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"MariaDB + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Recovery Services vaults should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Azure Recovery Services + vaults, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/AB-PrivateEndpoints.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"count\":{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState\",\"equals\":\"Succeeded\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deeddb44-9f94-4903-9fa0-081d524406e3\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to the IoT Hub device provisioning + service, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df39c015-56a4-45de-b4a3-efe77bed320d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df39c015-56a4-45de-b4a3-efe77bed320d\"},{\"properties\":{\"displayName\":\"MariaDB server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure Database for MariaDB while ensuring the traffic stays within the @@ -18963,7 +22089,20 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dfbd9a64-6114-48de-a47d-90574dc2e489\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dfbd9a64-6114-48de-a47d-90574dc2e489\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve to Azure + Cache for Redis. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + resource id of the private DNS zone\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"redisCache\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-redis-cache-windows-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e016b22b-e0eb-436d-8fd7-160c4eaed6e2\"},{\"properties\":{\"displayName\":\"Auditing + on Synapse workspace should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing + on your Synapse workspace should be enabled to track database activities across + all databases on the dedicated SQL pools and save them in an audit log.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired + Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e04e5000-cd89-451d-bb21-a14d24ff9c73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e04e5000-cd89-451d-bb21-a14d24ff9c73\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'User Rights Assignment' for allowing log on locally, RDP, access from the network, @@ -19109,9 +22248,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1da06bd-25b6-4127-a301-c313d6873fff\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your machines should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers which do not satisfy the configured baseline will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1047 - System Use Notification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19127,16 +22266,17 @@ interactions: advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled in virtual machine scale sets for listed virtual machine + images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed. The list of OS images + is updated over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1161 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19151,9 +22291,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/virtualNetworkGateways\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/gatewayType\",\"equals\":\"Vpn\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/sku.tier\",\"equals\":\"Basic\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with read permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP access from the Internet should be blocked\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits any network security rule that allows RDP access from Internet\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\"},{\"allOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\"equals\":\"Inbound\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"*\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"3389\"},{\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), @@ -19399,9 +22539,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e80b6812-0bfa-4383-8223-cdd86a46a890\"},{\"properties\":{\"displayName\":\"Vulnerabilities in container security configurations should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit vulnerabilities in security configuration on machines with Docker installed - and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic @@ -19420,12 +22560,13 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"},{\"properties\":{\"displayName\":\"Container - registries should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections through private links. Public access can - then be disabled to ensure that only private links can be used to connect - to the registry. For more information, visit: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network.By mapping private endpoints to your container registries + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"count\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8eef0a8-67cf-4eb4-9386-14b0e78733d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -19436,7 +22577,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e901375c-8f01-4ac8-9183-d5312f47fe63\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1723 - Information Input Validation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Configure + Container registries to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Container + Registry. Learn more at: https://aka.ms/privatednszone and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint. It should be linked to the private endpoint's associated VNET.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"registry\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"containerRegistry-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1200 - Security Impact Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19447,7 +22597,14 @@ interactions: debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be created with infrastructure-encryption enabled + (double encryption)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure data encryption is enabled at the service level and the infrastructure + level with two different encryption algorithms and two different keys, use + an Azure Monitor dedicated cluster. This option is enabled by default when + supported at the region, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/isDoubleEncryptionEnabled\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea0dfaed-95fb-448c-934e-d6e713ce393d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea0dfaed-95fb-448c-934e-d6e713ce393d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"},{\"properties\":{\"displayName\":\"Inherit @@ -19476,11 +22633,10 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea556850-838d-4a37-8ce5-9d7642f95e11\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1542 - Risk Assessment\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Ensure - Function app has 'Client Certificates (Incoming client certificates)' set - to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Function + apps should have 'Client Certificates (Incoming client certificates)' enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client certificates allow for the app to request a certificate for incoming requests. - Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App + Only clients with valid certificates will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eaebaea7-8013-4ceb-9d14-7eb32271373c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -19507,9 +22663,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"log_duration\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"},{\"properties\":{\"displayName\":\"Deprecated accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts with owner permissions should be removed from your subscription. - \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit Windows machines that don't have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the application @@ -19530,9 +22686,9 @@ interactions: security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms - and two different keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + and two different keys.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -19570,7 +22726,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1622 - Boundary Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Event Hub namespaces. + Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ed66d4f5-8220-45dc-ab4a-20d1749c74e6\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Key @@ -19609,10 +22774,24 @@ interactions: Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspace to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Machine + Learning workspaces. Learn more at: https://docs.microsoft.com/azure/machine-learning/how-to-network-security-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"amlworkspace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"amlworkspace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee40564d-486e-4f68-a5ca-7a621edae0fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1189 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search services should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your Azure Cognitive + Search service is not exposed on the public internet. Creating private endpoints + can limit exposure of your Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee980b6d-0eca-4501-8d54-f6290fd512c3\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Accounts' for limiting local account use of blank passwords and @@ -19640,8 +22819,14 @@ interactions: enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"},{\"properties\":{\"displayName\":\"API - Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - network on API Management services of the specified SKU should be enabled.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security, isolation and allows + you to place your API Management service in a non-internet routable network + that you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"evaluatedSkuNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"API Management SKU Names\",\"description\":\"List of API Management SKUs against @@ -19711,12 +22896,21 @@ interactions: TLS version should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Service Bus namespaces. + Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0fcf93c-c063-4071-9668-c47474bd3564\"},{\"properties\":{\"displayName\":\"Deploy Workflow Automation for Azure Security Center alerts\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable automation of Azure Security Center alerts. This policy deploys a workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select - the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow @@ -19727,13 +22921,14 @@ interactions: name contains\",\"description\":\"String included in the required alert name. For a full reference list of Security Center's alerts, see https://docs.microsoft.com/azure/security-center/alerts-reference.\"},\"defaultValue\":\"\"},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Alert is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Alert is created - or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('alertSeverities'),if(equals(parameters('alertName'), + ''), array('3.'), array(parameters('alertName'))))]\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"in\":\"[union(array('Severity'),if(equals(parameters('alertName'), + ''), array('Version'), array('AlertDisplayName')))]\"},{\"count\":{\"value\":\"[parameters('alertSeverities')]\",\"name\":\"alertSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"Severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('alertSeverity')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('alertSeverities'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"severityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"triggerMap\":{\"Manual (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center Alert @@ -19899,25 +23094,28 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"},{\"properties\":{\"displayName\":\"Disk encryption should be enabled on Azure Data Explorer\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling disk encryption helps protect and safeguard your data to meet your organizational - security and compliance commitments.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + security and compliance commitments.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy Auditing on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The + region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention days (optional, 180 days if unspecified)\"},\"defaultValue\":\"180\"},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name for storage accounts\",\"description\":\"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing - do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), 0, 3)]\",\"storageName\":\"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('sqlServerAuditingStorageAccount-', - uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"templateLink\":{\"uri\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\"contentVersion\":\"1.0.0.0\"}}},{\"name\":\"[concat(parameters('serverName'), - '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"auditActionsAndGroups\":null,\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft + uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure SQL servers to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19988,9 +23186,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your virtual machines from potential threats by restricting access to them with network security groups (NSG). Learn more about controlling traffic with - NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit Linux machines that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that @@ -20028,7 +23226,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1449 - Physical Access Authorizations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use system-assigned managed identity + authentication when it is supported\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Using + system-assigned managed identity when communicating with data stores via linked + services avoids the use of less secured credentials such as passwords or connection + strings.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"AzureSqlDatabase\",\"AzureSqlMI\",\"AzureSqlDW\",\"AzureBlobFS\",\"AdlsGen2CosmosStructuredStream\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureBlobStorage\",\"AzureDatabricks\"]},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"User + ID=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f78ccdb4-7bf4-4106-8647-270491d2978a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"},{\"properties\":{\"displayName\":\"Azure @@ -20051,9 +23257,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f82e3639-fa2b-4e06-a786-932d8379b972\"},{\"properties\":{\"displayName\":\"External accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with owner permissions should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20083,15 +23289,21 @@ interactions: Other System Events;ExpectedValue\",\"value\":\"[parameters('AuditOtherSystemEvents')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Diagnostic + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Resource logs in Service Bus should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Service + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Service Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Azure + Event Grid domains should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8f774be-6aee-492a-9e29-486ef81f3a68\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -20108,22 +23320,28 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9a165d2-967d-4733-8399-1074270dae2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Stream Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Stream + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Stream Analytics\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest TLS version should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9d614c5-c173-4d56-95a7-b4437057d193\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Saved-queries + in Azure Monitor should be saved in customer storage account for logs encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + storage account to Log Analytics workspace to protect saved-queries with storage + account encryption. Customer-managed keys are commonly required to meet regulatory + compliance and for more control over the access to your saved-queries in Azure + Monitor. For more details on the above, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys?tabs=portal#customer-managed-key-for-saved-queries.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/workspaces\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/workspaces/forceCmkForQuery\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa298e57-9444-42ba-bf04-86e8470e32c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa298e57-9444-42ba-bf04-86e8470e32c7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20169,7 +23387,24 @@ interactions: on Azure Storage encryption at rest can be found here https://aka.ms/azurestoragebyok. \",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/logProfiles\"},{\"field\":\"Microsoft.Insights/logProfiles/storageAccountId\",\"exists\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"value\":\"[contains(field('Microsoft.Insights/logProfiles/storageAccountId'), - subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"[Preview]: + subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Cognitive + Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"searchService\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"searchService-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbc14a67-53e4-4932-abcc-2049c6706009\"},{\"properties\":{\"displayName\":\"Virtual + machines and virtual machine scale sets should have encryption at host enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + encryption at host to get end-to-end encryption for your virtual machine and + virtual machine scale set data. Encryption at host enables encryption at rest + for your temporary disk and OS/data disk caches. Temporary and ephemeral OS + disks are encrypted with platform-managed keys when encryption at host is + enabled. OS/data disk caches are encrypted at rest with either customer-managed + or platform-managed key, depending on the encryption type selected on the + disk. Learn more at https://aka.ms/vm-hbe.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc4d8e41-e223-45ea-9bf5-eada37891d87\"},{\"properties\":{\"displayName\":\"[Preview]: All Internet traffic should be routed via your deployed Azure Firewall\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats @@ -20187,10 +23422,10 @@ interactions: that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines should meet the requirements for the Azure security baseline\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxOMSBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Configuration\",\"version\":\"1.1.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureLinuxBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxOMSBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureLinuxBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -20219,8 +23454,8 @@ interactions: Source\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MariaDB can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall @@ -20234,7 +23469,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"Cognitive + Services accounts should use a managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Assigning + a managed identity to your Cognitive Service account helps ensure secure authentication. + This identity is used by this Cognitive service account to communicate with + other Azure services, like Azure Key Vault, in a secure way without you having + to manage any credentials.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"anyOf\":[{\"field\":\"identity.type\",\"exists\":\"false\"},{\"field\":\"identity.type\",\"equals\":\"None\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe3fd216-4f83-4fc1-8984-2bbec80a3418\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -20245,18 +23487,18 @@ interactions: Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"installed_application_linux\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"},{\"properties\":{\"displayName\":\"Vulnerabilities on your SQL databases should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Monitor Vulnerability Assessment scan results and recommendations for how to remediate - database vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security + database vulnerabilities.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"},{\"properties\":{\"displayName\":\"Deploy - export to Log Analytics workspace for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Log Analytics workspace of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Log Analytics workspace configuration with - your conditions and target workspace on the assigned scope. To deploy this - policy on newly created subscriptions, open the Compliance tab, select the - relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Log Analytics workspace for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Log Analytics workspace of Azure Security Center data. This policy + deploys an export to Log Analytics workspace configuration with your conditions + and target workspace on the assigned scope. To deploy this policy on newly + created subscriptions, open the Compliance tab, select the relevant non-compliant + assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for @@ -20265,17 +23507,20 @@ interactions: configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -20286,41 +23531,64 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"The Log Analytics workspace of where - the data should be exported to. If you do not already have a log analytics - workspace, visit Log Analytics workspaces to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces).\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + the data should be exported to.\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"ExportToWorkspace\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Log Analytics workspace via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', - subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1158 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fff50cf2-28eb-45b4-b378-c99412688907\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod hostPath volumes can only use allowed host paths in a Kubernetes - Cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Limit + pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20328,10 +23596,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed host paths\",\"description\":\"The host paths allowed for pod hostPath volumes - to use. Provide an empty paths list to block all host paths.\",\"schema\":{\"type\":\"object\",\"properties\":{\"paths\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"pathPrefix\":{\"type\":\"string\"},\"readOnly\":{\"type\":\"boolean\"}},\"required\":[\"pathPrefix\",\"readOnly\"],\"additionalProperties\":false}}},\"required\":[\"paths\"],\"additionalProperties\":false}},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: + to use. Provide an empty paths list to block all host paths.\"},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time that a certificate can be valid within your key vault.\",\"metadata\":{\"version\":\"2.1.0-preview\",\"category\":\"Key @@ -20376,7 +23646,7 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"less\":\"[parameters('minimumDaysBeforeExpiry')]\"}]},{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"greater\":\"[parameters('maximumPercentageLife')]\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12ef42cb-9903-4e39-9c26-422d29570417\"},{\"properties\":{\"displayName\":\"[Preview]: - Keys should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic + Key Vault keys should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic keys should have a defined expiration date and not be permanent. Keys that are valid forever provide a potential attacker with more time to compromise the key. It is a recommended security practice to set expiration dates on @@ -20385,11 +23655,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods can only use allowed volume types in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + can only use allowed volume types in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20397,10 +23668,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed volume types\",\"description\":\"The list of volume types that can be used by a pod. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: Enforce labels on pods in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -20408,24 +23681,28 @@ interactions: service\",\"deprecated\":true},\"parameters\":{\"commaSeparatedListOfLabels\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: Comma-separated list of labels\",\"description\":\"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Enforce - HTTPS ingress in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should be accessible only over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + of HTTPS ensures authentication and protects data in transit from network + layer eavesdropping attacks. This capability is currently generally available + for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc + enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes - clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow containers to use privilege escalation in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow containers to run with privilege escalation to root in a Kubernetes + cluster. This recommendation is part of CIS 5.2.5 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20433,8 +23710,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: Configure log filter expressions and datastore to be used for full logs for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide log filter expression and datastore to be used for full @@ -20448,22 +23727,24 @@ interactions: used to filter logs. Ex. ^prefix1.*$\"},\"defaultValue\":[]},\"datastore\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Datastore\",\"description\":\"Datastore used to store filtered logs. Ex. LogsDatastore which is configured in AML.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Ensure - services listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces services to listen only on allowed ports in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - service ports list\",\"description\":\"The list of service ports allowed in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should listen only on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + services to listen only on allowed ports to secure access to the Kubernetes + cluster. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + service ports list\",\"description\":\"The list of service ports allowed in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"allowedPorts\":\"[parameters('allowedServicePortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure services listen only on allowed ports in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -20501,68 +23782,77 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"approvalEndpoint\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Approval endpoint\",\"description\":\"Approval endpoint that needs to be called before an Azure ML job is run. Ex. http://amlrunapproval/approve\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Enforce - internal load balancers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces load balancers do not have public IPs in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should use internal load balancers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + internal load balancers to make a Kubernetes service accessible only to applications + running in the same virtual network as the Kubernetes cluster. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should disable automounting API credentials\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Disable automounting API credentials to prevent a potentially compromised Pod resource - to run API commands against Kubernetes clusters. For instructions on using - this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Ensure - containers listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces containers to listen only on allowed ports in a Kubernetes + to run API commands against Kubernetes clusters. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only listen on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + containers to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - container ports list\",\"description\":\"The list of container ports allowed - in a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Enforce - labels on pods in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces the specified labels are provided for pods in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List - of labels\",\"description\":\"The list of labels to be specified on Pods in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + container ports list\",\"description\":\"The list of container ports allowed + in a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"allowedPorts\":\"[parameters('allowedContainerPortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods should use specified labels\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + specified labels to identify the pods in a Kubernetes cluster. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy blocks pod containers from sharing the host process ID namespace and - host IPC namespace in a Kubernetes cluster. This policy is generally available - for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled - Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List + of labels\",\"description\":\"The list of labels to be specified on Pods in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Block + pod containers from sharing the host process ID namespace and host IPC namespace + in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS + 5.2.3 which are intended to improve the security of your Kubernetes environments. + This policy is generally available for Kubernetes Service (AKS), and preview + for AKS Engine and Azure Arc enabled Kubernetes. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20570,8 +23860,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time in days that a key can be valid within your key vault.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Key @@ -20583,11 +23875,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"greater\":\"[addDays(field('Microsoft.KeyVault.Data/vaults/keys/attributes.createdOn'), parameters('maximumValidityInDays'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"49a22571-d204-4c91-a7b6-09b1a586fbc9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed AppArmor profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20595,11 +23888,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed AppArmor profiles\",\"description\":\"The list of AppArmor profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed module authors for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide allowed module authors in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit @@ -20610,11 +23905,12 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"allowedModuleAuthors\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Allowed module authors\",\"description\":\"List of allowed module authors.\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"allowedModuleAuthors\",\"value\":\"[parameters('allowedModuleAuthors')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53c70b02-63dd-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers do not use forbidden sysctl interfaces in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20622,11 +23918,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden sysctls\",\"description\":\"The list of plain sysctl names or sysctl patterns which end with *. The string * matches all sysctls. For more information, visit https://aka.ms/k8s-policy-sysctl-interfaces.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed registries for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, @@ -20720,11 +24018,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"RSA\",\"RSA-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keySize\",\"less\":\"[parameters('minimumRSAKeySize')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82067dbb-e53b-4e06-b631-546d197452d9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls pod access to the host network and the allowable host port - range in a Kubernetes cluster. This policy is generally available for Kubernetes - Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. - For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + pod access to the host network and the allowable host port range in a Kubernetes + cluster. This recommendation is part of CIS 5.2.4 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20732,14 +24031,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow host network usage\",\"description\":\"Set this value to true if pod is allowed to use host network otherwise false.\"},\"defaultValue\":false},\"minPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Min host port\",\"description\":\"The minimum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0},\"maxPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Max host port\",\"description\":\"The maximum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such @@ -20749,25 +24050,29 @@ interactions: certificate authorities supported by Azure Key Vault.\"},\"allowedValues\":[\"DigiCert\",\"GlobalSign\"],\"defaultValue\":[\"DigiCert\",\"GlobalSign\"]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' - turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Do - not allow privileged containers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow privileged containers creation in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster should not allow privileged containers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow privileged containers creation in a Kubernetes cluster. This recommendation + is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes + environments. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed seccomp profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed seccomp profiles in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20775,13 +24080,17 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed seccomp profiles\",\"description\":\"The list of seccomp profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: - Secrets should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"It - is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: + Key Vault secrets should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Secrets + should have a defined expiration date and not be permanent. Secrets that are + valid forever provide a potential attacker with more time to compromise them. + It is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' @@ -20789,16 +24098,19 @@ interactions: Kubernetes clusters should not use the default namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. - For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified non-integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the custom or internal @@ -20812,19 +24124,21 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\"notContains\":\"[parameters('caCommonName')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a22f4a40-01d3-4c7d-8071-da157eeff341\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should not use specific security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent specific security capabilities in Kubernetes clusters to prevent ungranted - privileges on the Pod resource. For instructions on using this policy, please - visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Blocked - capabilities\",\"description\":\"List of capabilities that containers are - not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Blocked capabilities\",\"description\":\"List of capabilities that containers + are not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure CPU and memory resource limits defined on containers in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. This policy is deprecated, please visit @@ -20855,10 +24169,10 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to - exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fd3e59-6390-4f2b-8247-ea676bd03e2d\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates using elliptic curve cryptography should have allowed curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage the allowed elliptic curve names for ECC Certificates stored in key vault. @@ -20869,11 +24183,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd78111f-4953-4367-9fd5-7e08808b54bf\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed capabilities in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + the capabilities to reduce the attack surface of containers in a Kubernetes + cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are + intended to improve the security of your Kubernetes environments. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20881,12 +24196,14 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed capabilities\",\"description\":\"The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.\"},\"defaultValue\":[]},\"requiredDropCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Required drop capabilities\",\"description\":\"The list of capabilities that must be dropped by a container.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Specify the number of days that a key should be active. Keys that are used for an extended period of time increase the probability that an attacker could compromise @@ -20914,12 +24231,43 @@ interactions: Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"Kubernetes service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers run with a read only root file system in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"[Preview]: + Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"To + reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux + capabilities. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"CAP_SYS_ADMIN\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d2e7ea85-6b44-4317-a0be-1b951587f626\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should only use allowed external IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes + cluster. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from + policy evaluation. Providing a value for this parameter is optional.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + inclusions\",\"description\":\"List of Kubernetes namespaces to only include + in policy evaluation. An empty list means the policy is applied to all resources + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedExternalIPs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + External IPs\",\"description\":\"List of External IPs that services are allowed + to use. Empty array means all external IPs are disallowed.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedExternalIPs\":\"[parameters('allowedExternalIPs')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d46c275d-1680-448d-b2ec-e495a3b6cc89\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d46c275d-1680-448d-b2ec-e495a3b6cc89\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Run + containers with a read only root file system to protect from changes at run-time + with malicious binaries being added to PATH in a Kubernetes cluster. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20927,13 +24275,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods and containers only use allowed SELinux options in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + and containers should only use allowed SELinux options in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20941,29 +24292,33 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed SELinux options\",\"description\":\"The allowed configurations for pod and container level SELinux Options. Provide empty options list as input to block - everything.\",\"schema\":{\"type\":\"object\",\"properties\":{\"options\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"level\":{\"type\":\"string\"},\"role\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"},\"user\":{\"type\":\"string\"}},\"additionalProperties\":false}}},\"required\":[\"options\"],\"additionalProperties\":false}},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Ensure - container CPU and memory resource limits do not exceed the specified limits - in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures container CPU and memory resource limits are defined and do - not exceed the specified limits in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed CPU units\",\"description\":\"The maximum CPU units allowed for a - container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed memory bytes\",\"description\":\"The maximum memory bytes allowed - for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + everything.\"},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers CPU and memory resource limits should not exceed the specified + limits\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Enforce + container CPU and memory resource limits to prevent resource exhaustion attacks + in a Kubernetes cluster. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed CPU units\",\"description\":\"The maximum CPU units allowed for a + container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed memory bytes\",\"description\":\"The maximum memory bytes allowed + for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: Secrets should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"If your secrets were created with an activation date set in the future, you must ensure that your secrets have not been active for longer than the specified @@ -20976,12 +24331,13 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/secrets\"},{\"value\":\"[utcNow()]\",\"greater\":\"[addDays(if(empty(field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.createdOn'), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), parameters('maximumValidityInDays'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d99835-8a06-45ae-a8e0-87a91941ccfe\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls the user, primary group, supplemental group and file system - group IDs that pods and containers can use to run in a Kubernetes Cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Control + the user, primary group, supplemental group and file system group IDs that + pods and containers can use to run in a Kubernetes Cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -20989,29 +24345,32 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as user rule\",\"description\":\"The 'RunAsUser' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MustRunAsNonRoot\",\"RunAsAny\"],\"defaultValue\":\"MustRunAsNonRoot\"},\"runAsUserRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed user ID ranges\",\"description\":\"The user ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as group rule\",\"description\":\"The 'RunAsGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"runAsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed group ID ranges\",\"description\":\"The group ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental group rule\",\"description\":\"The 'SupplementalGroups' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"supplementalGroupsRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed supplemental group ID ranges\",\"description\":\"The supplemental group ID - ranges that are allowed for containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File + ranges that are allowed for containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File system group rule\",\"description\":\"The 'FSGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"fsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed file system group ID ranges\",\"description\":\"The file system group ranges - that are allowed for pods to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"},\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod FlexVolume volumes only use allowed drivers in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + that are allowed for pods to use.\"},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -21019,10 +24378,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed FlexVolume drivers\",\"description\":\"The list of drivers that FlexVolume volumes are allowed to use. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should not expire within the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Key @@ -21033,11 +24394,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\"lessOrEquals\":\"[addDays(utcNow(), parameters('daysToExpire'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f772fb64-8e40-40ad-87bc-7706e1949427\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed ProcMountType in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed ProcMountTypes in a Kubernetes cluster. This + recommendation is part of Pod Security Policies which are intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -21045,25 +24407,29 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The ProcMountType that containers are allowed to use in the cluster.\"},\"allowedValues\":[\"Unmasked\",\"Default\"],\"defaultValue\":\"Default\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Ensure - only allowed container images in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures only allowed container images are running in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed - container images regex\",\"description\":\"The RegEx rule used to match allowed - container images in a Kubernetes cluster. For example, to allow any Azure - Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed images\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + images from trusted registries to reduce the Kubernetes cluster's exposure + risk to unknown vulnerabilities, security issues and malicious images. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed + container images regex\",\"description\":\"The RegEx rule used to match allowed + container images in a Kubernetes cluster. For example, to allow any Azure + Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"imageRegex\":\"[parameters('allowedContainerImagesRegex')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: Keys using elliptic curve cryptography should have the specified curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Keys backed by elliptic curve cryptography can have different curve names. Some applications are only compatible with specific elliptic curve keys. Enforce @@ -21078,11 +24444,11 @@ interactions: cache-control: - no-cache content-length: - - '2498010' + - '2920414' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:05 GMT + - Mon, 22 Mar 2021 07:13:10 GMT expires: - '-1' pragma: @@ -21112,8 +24478,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -21130,7 +24496,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:08 GMT + - Mon, 22 Mar 2021 07:13:12 GMT expires: - '-1' pragma: @@ -21156,8 +24522,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -21174,7 +24540,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:08 GMT + - Mon, 22 Mar 2021 07:13:13 GMT expires: - '-1' pragma: @@ -21202,8 +24568,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -21219,7 +24585,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:09 GMT + - Mon, 22 Mar 2021 07:13:16 GMT expires: - '-1' pragma: @@ -21233,7 +24599,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1197' status: code: 200 message: OK @@ -21251,8 +24617,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -21268,7 +24634,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:19 GMT + - Mon, 22 Mar 2021 07:13:26 GMT expires: - '-1' pragma: @@ -21300,8 +24666,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -21317,7 +24683,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:20 GMT + - Mon, 22 Mar 2021 07:13:28 GMT expires: - '-1' location: @@ -21325,11 +24691,11 @@ interactions: pragma: - no-cache request-id: - - b3e3ecf6-5ad8-4bfb-8779-809fcf800e92 + - 9bb443cb-aecb-4481-b14e-8a107c40f3c7 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-deletes: @@ -21351,8 +24717,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -21366,13 +24732,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:30 GMT + - Mon, 22 Mar 2021 07:13:39 GMT expires: - '-1' pragma: - no-cache request-id: - - 63b0e302-7a70-4635-bb1d-d71d31ea2914 + - a6cd18d4-849c-4158-8060-4e96c8fcd60a strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -21380,7 +24746,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml index 92b8b858015..6cb4717ce4e 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:35 GMT + - Mon, 22 Mar 2021 08:42:16 GMT expires: - '-1' pragma: @@ -64,8 +64,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:46 GMT + - Mon, 22 Mar 2021 08:42:26 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:46 GMT + - Mon, 22 Mar 2021 08:42:28 GMT expires: - '-1' location: @@ -141,15 +141,15 @@ interactions: pragma: - no-cache request-id: - - b753c8f7-27db-4616-8043-056ab88f603b + - 536262f7-0320-4167-ba2e-db1cafdd2d66 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 202 message: Accepted @@ -167,8 +167,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:16:57 GMT + - Mon, 22 Mar 2021 08:42:38 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 49f170b4-c2f3-44df-ba15-58054c043a14 + - b1be60c3-459e-48b1-9dcc-263ac2b5d91c strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:17:07 GMT + - Mon, 22 Mar 2021 08:42:49 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - aaea4394-7d27-4079-b0e7-ba663aa7925d + - 3396eab4-d3dd-4571-b404-d9b97139a006 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,29 +261,28 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2020-12-17T19:16:54.645762Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","parent":{"id":"/providers/Microsoft.Management/managementGroups/01a4073e-87c8-47cd-aafc-1439b4b5ea2c","name":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"Tenant - Root Group"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2021-03-22T08:42:35.1181092Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache content-length: - - '622' + - '642' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:17:17 GMT + - Mon, 22 Mar 2021 08:43:02 GMT expires: - '-1' pragma: - no-cache request-id: - - 013cbaf6-55e8-4603-8d5f-cd8f96319565 + - 9b28cca1-0754-4926-abce-d2f6483b128d strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -291,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -319,15 +318,15 @@ interactions: ParameterSetName: - -n --rules --params --display-name --description --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:19.7051988Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:03.7869265Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -338,7 +337,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:19 GMT + - Mon, 22 Mar 2021 08:44:03 GMT expires: - '-1' pragma: @@ -348,7 +347,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 201 message: Created @@ -374,15 +373,15 @@ interactions: ParameterSetName: - -n --rules --mode --display-name --description --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:20.3636062Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}' + string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:04.4193564Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}' headers: cache-control: - no-cache @@ -391,7 +390,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:19 GMT + - Mon, 22 Mar 2021 08:44:04 GMT expires: - '-1' pragma: @@ -401,7 +400,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 201 message: Created @@ -427,24 +426,24 @@ interactions: ParameterSetName: - -n --definitions --display-name --description --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"category":"test","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"category":"test","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1140' + - '1138' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:20 GMT + - Mon, 22 Mar 2021 08:44:05 GMT expires: - '-1' pragma: @@ -472,24 +471,24 @@ interactions: ParameterSetName: - -n --display-name --description --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"category":"test","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"category":"test","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1140' + - '1138' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:22 GMT + - Mon, 22 Mar 2021 08:44:05 GMT expires: - '-1' pragma: @@ -510,9 +509,9 @@ interactions: "desc_for_test_policyset_123_new", "metadata": {"category": "test2"}, "policyDefinitions": [{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}, "policyDefinitionReferenceId": "14016369651184776762"}, {"policyDefinitionId": + "westus"]}}, "policyDefinitionReferenceId": "11419590576446172700"}, {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005", - "policyDefinitionReferenceId": "2815157106993385363"}]}}' + "policyDefinitionReferenceId": "8504298515002226000"}]}}' headers: Accept: - application/json @@ -529,24 +528,24 @@ interactions: ParameterSetName: - -n --display-name --description --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:22.6304735Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:06.7885354Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1209' + - '1207' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:22 GMT + - Mon, 22 Mar 2021 08:44:06 GMT expires: - '-1' pragma: @@ -560,7 +559,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 200 message: OK @@ -578,8 +577,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -590,7 +589,7 @@ interactions: R2","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension policies that address a subset of NIST SP 800-171 R2 requirements. Additional policies will be added in upcoming releases. For - more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"4.1.0-preview","category":"Regulatory + more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"5.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -619,10 +618,10 @@ interactions: for App Services","deprecated":true},"defaultValue":"3.6"},"linuxPythonLatestVersionForAppServices":{"type":"String","metadata":{"displayName":"[Preview]: Latest Linux Python version","description":"Latest supported Python version for App Services"},"defaultValue":"3.8"},"listOfResourceTypesForDiagnosticLogs":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit + List of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"minimumTLSVersionForWindowsServers":{"type":"String","metadata":{"displayName":"[Preview]: Minimum TLS version for Windows web servers","description":"The minimum TLS - protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: + protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs in which the Administrators group does not contain only the specified members","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines in which @@ -648,16 +647,16 @@ interactions: September 2016","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines","policyType":"BuiltIn","description":"This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be @@ -676,9 +675,9 @@ interactions: should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7","type":"Microsoft.Authorization/policySetDefinitions","name":"133046de-0bd7-4546-93f4-f452e9e258b7"},{"properties":{"displayName":"CIS Microsoft Azure Foundations Benchmark 1.1.0","policyType":"BuiltIn","description":"This - initiative includes audit policies that address a subset of CIS Microsoft - Azure Foundations Benchmark recommendations. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/cisazure-blueprint.","metadata":{"version":"7.1.0","category":"Regulatory + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure110-initiative.","metadata":{"version":"9.0.0","category":"Regulatory Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"NetworkWatcher @@ -686,10 +685,13 @@ interactions: such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List of virtual machine extensions that are approved for use","description":"A semicolon-separated list of virtual machine extensions; to see a complete - list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.17"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Enable - Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor - all the available security recommendations in Azure Security Center. This - is the default policy for Azure Security Center.","metadata":{"version":"20.0.0","category":"Security + list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.1"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x6CISv110x5x1x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.6","CIS_Azure_1.1.0_5.1.5"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.1"]},{"policyDefinitionReferenceId":"CISv110x8x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.2"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x5x1x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x8x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Azure + Security Benchmark","policyType":"BuiltIn","description":"The Azure Security + Benchmark initiative represents the policies and controls implementing security + recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. + This also serves as the Azure Security Center default policy initiative. You + can directly assign this initiative, or manage its policies and compliance + results within Azure Security Center.","metadata":{"version":"25.1.1","category":"Security Center"},"parameters":{"useServicePrincipalToProtectSubscriptionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Service principals should be used to protect your subscriptions instead of management certificates","description":"Management certificates allow anyone who authenticates @@ -721,13 +723,12 @@ interactions: key vault secrets should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"keysExpirationSetEffect":{"type":"String","metadata":{"displayName":"Key Vault keys should have expiration dates set","description":"Enable or disable key vault keys should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"azurePolicyforWindowsMonitoringEffect":{"type":"String","metadata":{"displayName":"Guest - Configuration extension should be installed on Windows virtual machines","description":"Enable + Configuration extension should be installed on virtual machines","description":"Enable or disable virtual machines reporting that the Guest Configuration extension - for Windows should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual - Machines with Guest Configuration extension should have system assigned managed - identities","description":"Enable or disable virtual machines with no system - assigned managed identity reporting that the Guest Configuration extension - is installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual + machines'' Guest Configuration extension should be deployed with system-assigned + managed identity","description":"Enable or disable Virtual machines'' Guest + Configuration extension should be deployed with system-assigned managed identity"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows Defender Exploit Guard should be enabled on your Windows virtual machines","description":"Enable or disable virtual machines reporting that Windows Defender Exploit Guard is enabled"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System @@ -760,7 +761,7 @@ interactions: NSG rules monitoring."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable or disable the detection of virtual machine vulnerabilities by Azure Security Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit @@ -790,74 +791,74 @@ interactions: servers should be configured with auditing retention days greater than 90 days","description":"Enable or disable the monitoring of SQL servers with auditing retention period less than 90","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure App Services","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs in Azure App Services","description":"Enable or disable the + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in App Services should be enabled","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation account variables should be encrypted","description":"Enable or disable the - monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric + resource logs retention period in days"},"defaultValue":"1"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric alert rules should be configured on Batch accounts","description":"Enable or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual machines should be migrated to new Azure Resource Manager resources","description":"Enable or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage accounts should be migrated to new Azure Resource Manager resources","description":"Enable - or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Data Lake Analytics should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Analytics accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Data Lake Store should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Key Vault should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Key Vault vaults","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Logic Apps should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Logic Apps workflows","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service + resource logs retention period in days"},"defaultValue":"1"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should only use Azure Active Directory for client authentication","description":"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","description":"Enable - or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Service Bus should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Service Bus","description":"The required diagnostic - logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All + monitoring of resource logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required + retention (in days) of logs in Service Bus","description":"The required resource + logs retention period in days"},"defaultValue":"1"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace","description":"Enable or disable the monitoring of Service Bus namespace authorization rules","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Secure transfer to storage accounts should be enabled","description":"Enable or disable - the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Stream Analytics should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Stream Analytics","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit + resource logs retention period in days"},"defaultValue":"1"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit usage of custom RBAC rules","description":"Enable or disable the monitoring of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit unrestricted network access to storage accounts","description":"Enable or - disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace","description":"Enable or disable the monitoring of access rules in Event Hub namespaces","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Authorization @@ -865,7 +866,12 @@ interactions: disable the monitoring of access rules in Event Hubs","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverSqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities + on your SQL servers on machine should be remediated","description":"SQL Vulnerability + assessment scans your database for security vulnerabilities, and exposes any + deviations from best practices such as misconfigurations, excessive permissions, + and unprotected sensitive data. Resolving the vulnerabilities found can greatly + improve your database security posture."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive data in your SQL databases should be classified","description":"Enable or disable the monitoring of sensitive data classification in databases."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"A maximum of 3 owners should be designated for your subscription","description":"Enable @@ -968,11 +974,11 @@ interactions: use latest Python in Web App","description":"Enable or disable the monitoring of Python version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vnetEnableDDoSProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure DDoS Protection Standard should be enabled","description":"Enable or disable - the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in IoT Hub should be enabled","description":"Enable or disable the monitoring - of diagnostic logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + of resource logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in IoT Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced + resource logs retention period in days"},"defaultValue":"1"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on your SQL servers","description":"Enable or disable the monitoring of SQL servers without Advanced Data Security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on SQL Managed Instance","description":"Enable @@ -1025,7 +1031,7 @@ interactions: Security settings","description":"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management ports should be closed on your virtual machines","description":"Enable or @@ -1224,8 +1230,8 @@ interactions: region failure. Configuring geo-redundant storage for backup is only allowed during server create."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest TLS version should be used in your API App","description":"Upgrade to the - latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic - logs in App Services should be enabled","description":"Audit enabling of diagnostic + latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource + logs in App Services should be enabled","description":"Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Managed identity should be used in your API App","description":"Use a managed identity @@ -1319,7 +1325,283 @@ interactions: should be required in your Web App","description":"Enable FTPS enforcement for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS only should be required in your API App","description":"Enable FTPS enforcement - for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}}},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}}},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}}},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}}},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}}},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: + for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Function + apps should have ''Client Certificates (Incoming client certificates)'' enabled","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients with valid certificates will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption with a customer-managed key","description":"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should use customer-managed keys to encrypt data at rest","description":"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have purge protection enabled","description":"Malicious deletion + of a key vault can lead to permanent data loss. A malicious insider in your + organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have soft delete enabled","description":"Deleting a key vault + without soft delete enabled permanently deletes all secrets, keys, and certificates + stored in the key vault. Accidental deletion of a key vault can lead to permanent + data loss. Soft delete allows you to recover an accidentally deleted key vault + for a configurable retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cache for Redis should reside within a virtual network","description":"Azure + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should use customer-managed key for encryption","description":"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should restrict network access using virtual network rules","description":"Protect + your storage accounts from potential threats using virtual network rules as + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should be encrypted with a customer-managed key","description":"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/acr/CMK."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should not allow unrestricted network access","description":"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn''t have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network.By mapping + private endpoints to your container registries instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/acr/private-link."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"appConfigurationShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"App + Configuration should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your app configuration instances instead of the entire + service, you''ll also be protected against data leakage risks. Learn more + at: https://aka.ms/appconfig/private-endpoint."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid domains should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network.By + mapping private endpoints to your Event Grid domains instead of the entire + service, you''ll also be protected against data leakage risks.Learn more at: + https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid topics should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your topics instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + SignalR Service should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your SignalR resources instead of the entire + service, you''ll also be protected against data leakage risks .Learn more + at: https://aka.ms/asrs/privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should be encrypted with a customer-managed key","description":"Manage + encryption at rest of your Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/azureml-workspaces-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should use private link","description":"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you''ll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Azure Front Door Service + service","description":"Deploy Azure Web Application Firewall (WAF) in front + of public facing web applications for additional inspection of incoming traffic. + Web Application Firewall (WAF) provides centralized protection of your web + applications from common exploits and vulnerabilities such as SQL injections, + Cross-Site Scripting, local and remote file executions. You can also restrict + access to your web applications by countries, IP address ranges, and other + http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Application Gateway","description":"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MariaDB servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MariaDB can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MySQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MySQL can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for MySQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for PostgreSQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for PostgreSQL can only be accessed from a private endpoint. This + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for PostgreSQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"VM + Image Builder templates should use private link","description":"Audit VM Image + Builder templates that do not have a virtual network configured. When a virtual + network is not configured, a public IP is created and used instead which may + directly expose resources to the internet and increase the potential attack + surface."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"firewallShouldBeEnabledOnKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Firewall + should be enabled on Key Vault","description":"Key vault''s firewall prevents + unauthorized traffic from reaching your key vault and provides an additional + layer of protection for your secrets. Enable the firewall to make sure that + only traffic from allowed networks can access your key vault."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint should be configured for Key Vault","description":"Private link provides + a way to connect Key Vault to your Azure resources without sending traffic + over the public internet. Private link provides defense in depth protection + against data exfiltration."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Spring Cloud should use network injection","description":"Azure Spring Cloud + instances should use virtual network injection for the following purposes: + 1. Isolate Azure Spring Cloud from Internet. 2. Enable Azure Spring Cloud + to interact with systems in either on premises data centers or Azure service + in other virtual networks. 3. Empower customers to control inbound and outbound + network communications for Azure Spring Cloud."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect":{"type":"String","metadata":{"displayName":"Subscriptions + should have a contact email address for security issues","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Auto + provisioning of the Log Analytics agent should be enabled on your subscription","description":"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification for high severity alerts should be enabled","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification to subscription owner for high severity alerts should be enabled","description":"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + account should use a private link connection","description":"Private links + enforce secure communication, by providing private connectivity to the storage + account"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect":{"type":"String","metadata":{"displayName":"Authentication + to Linux machines should require SSH keys","description":"Although SSH itself + provides an encrypted connection, using passwords with SSH still leaves the + VM vulnerable to brute-force attacks. The most secure option for authenticating + to an Azure Linux virtual machine over SSH is with a public-private key pair, + also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint connections on Azure SQL Database should be enabled","description":"Private + endpoint connections enforce secure communication by enabling private connectivity + to Azure SQL Database."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access on Azure SQL Database should be disabled","description":"Disabling + the public network access property improves security by ensuring your Azure + SQL Database can only be accessed from a private endpoint. This configuration + denies all logins that match IP or virtual network based firewall rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect":{"type":"String","metadata":{"displayName":"Ensure + API app has Client Certificates Incoming client certificates set to On","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients that have a valid certificate will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect":{"type":"String","metadata":{"displayName":"Kubernetes + clusters should be accessible only over HTTPS","description":"Use of HTTPS + ensures authentication and protects data in transit from network layer eavesdropping + attacks. This capability is currently generally available for Kubernetes Service + (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For + more info, visit https://aka.ms/kubepolicydoc"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + exclusions","description":"List of Kubernetes namespaces to exclude from policy + evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + inclusions","description":"List of Kubernetes namespaces to only include in + policy evaluation. An empty list means the policy is applied to all resources + in all namespaces."},"defaultValue":[]},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + web servers should be configured to use secure communication protocols","description":"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines":{"type":"String","metadata":{"displayName":"Include + Arc connected servers","description":"By selecting this option, you agree + to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum + TLS version","description":"The minimum TLS protocol version that should be + enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"},"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should restrict network access","description":"Network access + to Cognitive Services accounts should be restricted. Configure network rules + so only applications from allowed networks can access the Cognitive Services + account. To allow connections from specific internet or on-premises clients, + access can be granted to traffic from specific Azure virtual networks or to + public internet IP address ranges."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should use customer owned storage or enable data encryption","description":"This + policy audits any Cognitive Services account not using customer owned storage + nor data encryption. For each Cognitive Services account with storage, use + either customer owned storage or enable data encryption."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for Cognitive Services accounts","description":"This + policy audits any Cognitive Services account in your environment with public + network access enabled. Public network access should be disabled so that only + connections from private endpoints are allowed."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption","description":"This policy + audits any Cognitive Services account not using data encryption. For each + Cognitive Services account with storage, should enable data encryption with + either customer managed or Microsoft managed key."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"API + Management services should use a virtual network","description":"Azure Virtual + Network deployment provides enhanced security, isolation and allows you to + place your API Management service in a non-internet routable network that + you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames":{"type":"Array","metadata":{"displayName":"API + Management SKU Names","description":"List of API Management SKUs against which + this policy will be evaluated."},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should have firewall rules","description":"Firewall rules + should be defined on your Azure Cosmos DB accounts to prevent traffic from + unauthorized sources. Accounts that have at least one IP rule defined with + the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"networkWatcherShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Network + Watcher should be enabled","description":"Network Watcher is a regional service + that enables you to monitor and diagnose conditions at a network scenario + level in, to, and from Azure. Scenario level monitoring enables you to diagnose + problems at an end to end network level view. Network diagnostic and visualization + tools available with Network Watcher help you understand, diagnose, and gain + insights to your network in Azure."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkWatcherShouldBeEnabledListOfLocations":{"type":"Array","metadata":{"displayName":"List + of regions where Network Watcher should be enabled","description":"To see + a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"networkWatcherShouldBeEnabledResourceGroupName":{"type":"String","metadata":{"displayName":"Name + of the resource group for Network Watcher","description":"Name of the resource + group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"serverSqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d","parameters":{"effect":{"value":"[parameters(''serverSqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-6"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''appConfigurationShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''azureSignalRServiceShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''firewallShouldBeEnabledOnKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''azureSpringCloudShouldUseNetworkInjectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6","parameters":{"effect":{"value":"[parameters(''authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{"effect":{"value":"[parameters(''privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect'')]"},"excludedNamespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces'')]"},"namespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"effect":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect'')]"},"IncludeArcMachines":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect'')]"},"evaluatedSkuNames":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"effect":{"value":"[parameters(''networkWatcherShouldBeEnabledMonitoringEffect'')]"},"listOfLocations":{"value":"[parameters(''networkWatcherShouldBeEnabledListOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''networkWatcherShouldBeEnabledResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information @@ -1334,7 +1616,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more - information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -1368,7 +1650,7 @@ interactions: An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Endpoint protection solution should be installed on virtual machine scale sets","description":"Enable or disable the monitoring of virtual machine scale sets endpoint protection monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToIncludeWindows":{"type":"Array","metadata":{"displayName":"[Preview]: @@ -1400,10 +1682,10 @@ interactions: or disable the monitoring of the use of HTTPS in Function App v2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: Azure subscriptions should have a log profile for Activity Log","description":"Enable or disable the monitoring of a log profile for Activity Log in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: System updates should be installed on your machines","description":"Enable or disable the monitoring of system updates reporting"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Latest TLS version should be used for App Service","description":"Enable or @@ -1480,28 +1762,28 @@ interactions: or disable the monitoring of the latest TLS version in Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK OFFICIAL and UK NHS","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-blueprint - and https://aka.ms/uknhs-blueprint.","metadata":{"version":"4.0.0","category":"Regulatory + and https://aka.ms/uknhs-blueprint.","metadata":{"version":"6.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2","UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["UK_NCSC_CSP_1"]}],"policyDefinitionGroups":[{"name":"UK_NCSC_CSP_1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_1"},{"name":"UK_NCSC_CSP_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.1"},{"name":"UK_NCSC_CSP_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.2"},{"name":"UK_NCSC_CSP_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.3"},{"name":"UK_NCSC_CSP_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.4"},{"name":"UK_NCSC_CSP_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.5"},{"name":"UK_NCSC_CSP_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.6"},{"name":"UK_NCSC_CSP_3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_3"},{"name":"UK_NCSC_CSP_4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_4"},{"name":"UK_NCSC_CSP_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.1"},{"name":"UK_NCSC_CSP_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.2"},{"name":"UK_NCSC_CSP_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.3"},{"name":"UK_NCSC_CSP_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.4"},{"name":"UK_NCSC_CSP_6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_6"},{"name":"UK_NCSC_CSP_7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_7"},{"name":"UK_NCSC_CSP_8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_8"},{"name":"UK_NCSC_CSP_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.1"},{"name":"UK_NCSC_CSP_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.2"},{"name":"UK_NCSC_CSP_10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_10"},{"name":"UK_NCSC_CSP_11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_11"},{"name":"UK_NCSC_CSP_12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_12"},{"name":"UK_NCSC_CSP_13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_13"},{"name":"UK_NCSC_CSP_14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_14"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: SWIFT CSP-CSCF v2020","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: Connected workspace IDs","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: Members to include","description":"A semicolon-separated list of members that @@ -1513,44 +1795,45 @@ interactions: initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.1.1-deprecated","category":"Guest - Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]: - Azure Security Benchmark","policyType":"BuiltIn","description":"This initiative - includes audit and virtual machine extension deployment policies that address - a subset of Azure Security Benchmark recommendations. Additional policies - will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.","metadata":{"version":"6.1.0-preview","preview":true,"category":"Regulatory - Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v1","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark initiative now represents + the Azure Security Benchmark v2 controls, and serves as the Azure Security + Center default policy initiative. Please assign that initiative, or manage + its policies and compliance results within Azure Security Center.","metadata":{"version":"7.0.2-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc - connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users excluded from Windows VM Administrators group","description":"A semicolon-separated list of members that should be excluded in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that Windows VM Administrators group must *only* include","description":"A semicolon-separated list of all the expected members of the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To - see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Preview]: + see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Deprecated]: NetworkWatcher resource group name","description":"Name of the resource group - of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Preview]: - Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Preview]: + of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: + Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Deprecated]: Network gateway that virtual networks should use","description":"Example: - /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Preview]: + /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Deprecated]: List of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent - should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit - diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: - Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled","description":"Audit + diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Java version","description":"Latest supported Java version for App - Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Windows Python version","description":"Latest supported Python version - for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Linux Python version","description":"Latest supported Python version - for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"760a85ff-6162-42b3-8d70-698e268f648c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b4d66858-c922-44e3-9566-5cdb7a7be744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes + for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes cluster pod security restricted standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), @@ -1567,17 +1850,17 @@ interactions: v3.2.1:2018","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"2.0.0-preview","category":"Regulatory + releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"3.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada Federal PBMM","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"5.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -1586,13 +1869,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["CSSS_AC-4"]},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["CSSS_SC-5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_IA-5"]},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CSSS_CM-7(5)","CSSS_CM-11"]},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CSSS_SC-7(3)","CSSS_SC-7(4)"]},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CSSS_RA-5"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_SC-7"]},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CSSS_CP-7"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_SC-8(1)"]}],"policyDefinitionGroups":[{"name":"CCCS_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-1"},{"name":"CSSS_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2"},{"name":"CCCS_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(1)"},{"name":"CCCS_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(2)"},{"name":"CCCS_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(3)"},{"name":"CCCS_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(4)"},{"name":"CCCS_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(5)"},{"name":"CSSS_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2(7)"},{"name":"CCCS_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(9)"},{"name":"CCCS_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(10)"},{"name":"CCCS_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-3"},{"name":"CSSS_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-4"},{"name":"CCCS_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-4(21)"},{"name":"CSSS_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-5"},{"name":"CSSS_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-6"},{"name":"CCCS_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(1)"},{"name":"CCCS_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(2)"},{"name":"CCCS_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(5)"},{"name":"CCCS_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(9)"},{"name":"CCCS_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(10)"},{"name":"CCCS_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-7"},{"name":"CCCS_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-8"},{"name":"CCCS_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-10"},{"name":"CCCS_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11"},{"name":"CCCS_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11(1)"},{"name":"CCCS_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-12"},{"name":"CCCS_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-14"},{"name":"CCCS_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17"},{"name":"CSSS_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-17(1)"},{"name":"CCCS_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(2)"},{"name":"CCCS_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(3)"},{"name":"CCCS_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(4)"},{"name":"CCCS_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(9)"},{"name":"CCCS_AC-17(100)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(100)"},{"name":"CCCS_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18"},{"name":"CCCS_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(1)"},{"name":"CCCS_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(4)"},{"name":"CCCS_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-19"},{"name":"CCCS_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20"},{"name":"CCCS_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(1)"},{"name":"CCCS_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(2)"},{"name":"CCCS_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-21"},{"name":"CCCS_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-22"},{"name":"CCCS_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-1"},{"name":"CCCS_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2"},{"name":"CCCS_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2(2)"},{"name":"CCCS_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-3"},{"name":"CCCS_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-4"},{"name":"CCCS_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-1"},{"name":"CCCS_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2"},{"name":"CCCS_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2(3)"},{"name":"CSSS_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-3"},{"name":"CCCS_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-3(1)"},{"name":"CSSS_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-5"},{"name":"CCCS_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6"},{"name":"CCCS_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(1)"},{"name":"CCCS_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(3)"},{"name":"CCCS_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7"},{"name":"CCCS_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7(1)"},{"name":"CCCS_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8"},{"name":"CCCS_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8(1)"},{"name":"CCCS_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9"},{"name":"CCCS_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(2)"},{"name":"CCCS_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(4)"},{"name":"CCCS_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-11"},{"name":"CSSS_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-12"},{"name":"CCCS_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-1"},{"name":"CCCS_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2"},{"name":"CCCS_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(1)"},{"name":"CCCS_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(2)"},{"name":"CCCS_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(3)"},{"name":"CCCS_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3"},{"name":"CCCS_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(3)"},{"name":"CCCS_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(5)"},{"name":"CCCS_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-5"},{"name":"CCCS_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-6"},{"name":"CCCS_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7"},{"name":"CCCS_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7(1)"},{"name":"CCCS_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8"},{"name":"CCCS_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8(1)"},{"name":"CCCS_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-9"},{"name":"CCCS_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-1"},{"name":"CCCS_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2"},{"name":"CCCS_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(1)"},{"name":"CCCS_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(2)"},{"name":"CCCS_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(3)"},{"name":"CCCS_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(7)"},{"name":"CCCS_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3"},{"name":"CCCS_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(4)"},{"name":"CCCS_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(6)"},{"name":"CCCS_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-4"},{"name":"CCCS_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5"},{"name":"CCCS_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(1)"},{"name":"CSSS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-7(5)"},{"name":"CCCS_CM-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(6)"},{"name":"CCCS_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6"},{"name":"CCCS_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(1)"},{"name":"CCCS_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(2)"},{"name":"CCCS_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7"},{"name":"CCCS_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(1)"},{"name":"CCCS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(5)"},{"name":"CCCS_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8"},{"name":"CCCS_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(1)"},{"name":"CCCS_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(2)"},{"name":"CCCS_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(3)"},{"name":"CCCS_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(5)"},{"name":"CCCS_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-9"},{"name":"CCCS_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10"},{"name":"CCCS_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10(1)"},{"name":"CSSS_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-11"},{"name":"CCCS_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-1"},{"name":"CCCS_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2"},{"name":"CCCS_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(1)"},{"name":"CCCS_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(2)"},{"name":"CCCS_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(3)"},{"name":"CCCS_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(4)"},{"name":"CCCS_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(5)"},{"name":"CCCS_CP-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(6)"},{"name":"CCCS_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(8)"},{"name":"CCCS_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-3"},{"name":"CCCS_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4"},{"name":"CCCS_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(1)"},{"name":"CCCS_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(2)"},{"name":"CCCS_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6"},{"name":"CCCS_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(1)"},{"name":"CCCS_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(2)"},{"name":"CCCS_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(3)"},{"name":"CSSS_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CP-7"},{"name":"CCCS_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(1)"},{"name":"CCCS_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(2)"},{"name":"CCCS_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(3)"},{"name":"CCCS_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(4)"},{"name":"CCCS_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8"},{"name":"CCCS_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(1)"},{"name":"CCCS_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(2)"},{"name":"CCCS_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(3)"},{"name":"CCCS_CP-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(5)"},{"name":"CCCS_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9"},{"name":"CCCS_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(1)"},{"name":"CCCS_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(2)"},{"name":"CCCS_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(3)"},{"name":"CCCS_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(5)"},{"name":"CCCS_CP-9(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(7)"},{"name":"CCCS_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10"},{"name":"CCCS_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(2)"},{"name":"CCCS_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(4)"},{"name":"CCCS_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-1"},{"name":"CCCS_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2"},{"name":"CSSS_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-2(1)"},{"name":"CCCS_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(3)"},{"name":"CCCS_IA-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(6)"},{"name":"CCCS_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(8)"},{"name":"CCCS_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(11)"},{"name":"CCCS_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-3"},{"name":"CCCS_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4"},{"name":"CCCS_IA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(2)"},{"name":"CCCS_IA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(3)"},{"name":"CCCS_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(4)"},{"name":"CSSS_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5"},{"name":"CSSS_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5(1)"},{"name":"CCCS_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(2)"},{"name":"CCCS_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(3)"},{"name":"CCCS_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(4)"},{"name":"CCCS_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(6)"},{"name":"CCCS_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(7)"},{"name":"CCCS_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(8)"},{"name":"CCCS_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(11)"},{"name":"CCCS_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-6"},{"name":"CCCS_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-7"},{"name":"CCCS_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-8"},{"name":"CCCS_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-1"},{"name":"CCCS_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-2"},{"name":"CCCS_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3"},{"name":"CCCS_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3(2)"},{"name":"CCCS_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4"},{"name":"CCCS_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(1)"},{"name":"CCCS_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(3)"},{"name":"CCCS_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-5"},{"name":"CCCS_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6"},{"name":"CCCS_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6(1)"},{"name":"CCCS_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7"},{"name":"CCCS_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(1)"},{"name":"CCCS_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(2)"},{"name":"CCCS_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-8"},{"name":"CCCS_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9"},{"name":"CCCS_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(1)"},{"name":"CCCS_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(2)"},{"name":"CCCS_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(3)"},{"name":"CCCS_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(4)"},{"name":"CCCS_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-1"},{"name":"CCCS_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-2"},{"name":"CCCS_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3"},{"name":"CCCS_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(1)"},{"name":"CCCS_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(2)"},{"name":"CCCS_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(3)"},{"name":"CCCS_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4"},{"name":"CCCS_MA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(1)"},{"name":"CCCS_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(2)"},{"name":"CCCS_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(3)"},{"name":"CCCS_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(6)"},{"name":"CCCS_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5"},{"name":"CCCS_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5(1)"},{"name":"CCCS_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-6"},{"name":"CCCS_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-1"},{"name":"CCCS_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-2"},{"name":"CCCS_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-3"},{"name":"CCCS_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-4"},{"name":"CCCS_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5"},{"name":"CCCS_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5(4)"},{"name":"CCCS_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6"},{"name":"CCCS_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(1)"},{"name":"CCCS_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(2)"},{"name":"CCCS_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(3)"},{"name":"CCCS_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7"},{"name":"CCCS_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7(1)"},{"name":"CCCS_MP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8"},{"name":"CCCS_MP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8(1)"},{"name":"CCCS_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-1"},{"name":"CCCS_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-2"},{"name":"CCCS_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3"},{"name":"CCCS_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3(1)"},{"name":"CCCS_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-4"},{"name":"CCCS_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-5"},{"name":"CCCS_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6"},{"name":"CCCS_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(1)"},{"name":"CCCS_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(4)"},{"name":"CCCS_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-8"},{"name":"CCCS_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-9"},{"name":"CCCS_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-10"},{"name":"CCCS_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-11"},{"name":"CCCS_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-12"},{"name":"CCCS_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13"},{"name":"CCCS_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(2)"},{"name":"CCCS_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(3)"},{"name":"CCCS_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14"},{"name":"CCCS_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14(2)"},{"name":"CCCS_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-15"},{"name":"CCCS_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-16"},{"name":"CCCS_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-17"},{"name":"CCCS_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-1"},{"name":"CCCS_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2"},{"name":"CCCS_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2(3)"},{"name":"CCCS_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4"},{"name":"CCCS_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4(1)"},{"name":"CCCS_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-8"},{"name":"CCCS_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-1"},{"name":"CCCS_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-2"},{"name":"CCCS_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3"},{"name":"CCCS_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3(3)"},{"name":"CCCS_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-4"},{"name":"CCCS_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-5"},{"name":"CCCS_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-6"},{"name":"CCCS_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-7"},{"name":"CCCS_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-8"},{"name":"CCCS_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-1"},{"name":"CCCS_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-2"},{"name":"CCCS_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-3"},{"name":"CSSS_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_RA-5"},{"name":"CCCS_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(1)"},{"name":"CCCS_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(2)"},{"name":"CCCS_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(3)"},{"name":"CCCS_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(5)"},{"name":"CCCS_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(6)"},{"name":"CCCS_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(8)"},{"name":"CCCS_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-1"},{"name":"CCCS_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-2"},{"name":"CCCS_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-3"},{"name":"CCCS_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4"},{"name":"CCCS_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(1)"},{"name":"CCCS_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(2)"},{"name":"CCCS_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(8)"},{"name":"CCCS_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(9)"},{"name":"CCCS_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-5"},{"name":"CCCS_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-8"},{"name":"CCCS_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9"},{"name":"CCCS_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(1)"},{"name":"CCCS_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(2)"},{"name":"CCCS_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(4)"},{"name":"CCCS_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(5)"},{"name":"CCCS_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10"},{"name":"CCCS_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10(1)"},{"name":"CCCS_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11"},{"name":"CCCS_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(1)"},{"name":"CCCS_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(2)"},{"name":"CCCS_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(8)"},{"name":"CCCS_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-15"},{"name":"CCCS_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-1"},{"name":"CCCS_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-2"},{"name":"CCCS_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-4"},{"name":"CSSS_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-5"},{"name":"CCCS_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-6"},{"name":"CSSS_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7"},{"name":"CSSS_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(3)"},{"name":"CSSS_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(4)"},{"name":"CCCS_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(5)"},{"name":"CCCS_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(7)"},{"name":"CCCS_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(8)"},{"name":"CCCS_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(12)"},{"name":"CCCS_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(13)"},{"name":"CCCS_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(18)"},{"name":"CCCS_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-8"},{"name":"CSSS_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-8(1)"},{"name":"CCCS_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-10"},{"name":"CCCS_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12"},{"name":"CCCS_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(1)"},{"name":"CCCS_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(2)"},{"name":"CCCS_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(3)"},{"name":"CCCS_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-13"},{"name":"CCCS_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-15"},{"name":"CCCS_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-17"},{"name":"CCCS_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18"},{"name":"CCCS_SC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(3)"},{"name":"CCCS_SC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(4)"},{"name":"CCCS_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-19"},{"name":"CCCS_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-20"},{"name":"CCCS_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-21"},{"name":"CCCS_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-22"},{"name":"CCCS_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23"},{"name":"CCCS_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23(1)"},{"name":"CSSS_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-28"},{"name":"CCCS_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-28(1)"},{"name":"CCCS_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-39"},{"name":"CCCS_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-1"},{"name":"CSSS_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-2"},{"name":"CCCS_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(2)"},{"name":"CCCS_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(3)"},{"name":"CSSS_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3"},{"name":"CSSS_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3(1)"},{"name":"CCCS_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(2)"},{"name":"CCCS_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(7)"},{"name":"CSSS_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-4"},{"name":"CCCS_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(1)"},{"name":"CCCS_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(2)"},{"name":"CCCS_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(4)"},{"name":"CCCS_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(5)"},{"name":"CCCS_SI-4(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(7)"},{"name":"CCCS_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(11)"},{"name":"CCCS_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(14)"},{"name":"CCCS_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(16)"},{"name":"CCCS_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(20)"},{"name":"CCCS_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(23)"},{"name":"CCCS_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-5"},{"name":"CCCS_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-6"},{"name":"CCCS_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7"},{"name":"CCCS_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(1)"},{"name":"CCCS_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(7)"},{"name":"CCCS_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8"},{"name":"CCCS_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(1)"},{"name":"CCCS_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(2)"},{"name":"CCCS_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-10"},{"name":"CCCS_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-11"},{"name":"CCCS_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-12"},{"name":"CCCS_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-16"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the remote host connection status does not match the specified one","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the remote @@ -1675,7 +1958,279 @@ interactions: List of VM images that have supported Windows OS to add to scope","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: List of VM images that have supported Linux OS to add to scope","description":"Example - value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Deprecated]: + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + CIS Microsoft Azure Foundations Benchmark 1.3.0","policyType":"BuiltIn","description":"This + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.","metadata":{"version":"1.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auto provisioning of the Log Analytics agent should be + enabled on your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-89099bee-89e0-4b26-a5f4-165451757743":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should be configured with 90 days auditing + retention or higher.","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log checkpoints should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log connections should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disconnections should be logged for PostgreSQL database + servers.","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Connection throttling should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account containing the container with activity + logs must be encrypted with BYOK","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for resource logs","description":"For more + information about resource logs, visit https://aka.ms/resourcelogs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":[]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only approved VM extensions should be installed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"Array","metadata":{"displayName":"[Preview]: + List of virtual machine extensions that are approved for use","description":"A + semicolon-separated list of virtual machine extensions; to see a complete + list of extensions, use the Azure PowerShell command Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-98728c90-32c7-4049-8429-847dc0f4fe37":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secrets should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4ebc54a-46e1-481a-bee2-d4411e95d828":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your API app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your Function app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your web app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CIS_Azure_1.3.0_1.2"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.21"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CIS_Azure_1.3.0_2.1"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CIS_Azure_1.3.0_2.2"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CIS_Azure_1.3.0_2.3"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CIS_Azure_1.3.0_2.4"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CIS_Azure_1.3.0_2.5"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CIS_Azure_1.3.0_2.6"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CIS_Azure_1.3.0_2.7"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CIS_Azure_1.3.0_2.8"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["CIS_Azure_1.3.0_2.11"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CIS_Azure_1.3.0_2.13"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CIS_Azure_1.3.0_2.14"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CIS_Azure_1.3.0_3.1"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CIS_Azure_1.3.0_3.5","CIS_Azure_1.3.0_5.1.3"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CIS_Azure_1.3.0_3.7"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CIS_Azure_1.3.0_3.9"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.1"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.2"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''effect-89099bee-89e0-4b26-a5f4-165451757743'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.3"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.4"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.1"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.2"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.3"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.4"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.5"]},{"policyDefinitionReferenceId":"5345bb39-67dc-4960-a1bf-427e16b9a0bd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{"effect":{"value":"[parameters(''effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.6"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{"effect":{"value":"[parameters(''effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.4"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.1"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.2"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.3"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.4"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.5"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.6"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.7"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.8"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.5","CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.1"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CIS_Azure_1.3.0_6.2"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.5"]},{"policyDefinitionReferenceId":"06a78e20-9358-41c9-923c-fb736d382a4d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["CIS_Azure_1.3.0_7.1"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CIS_Azure_1.3.0_7.2"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CIS_Azure_1.3.0_7.3"]},{"policyDefinitionReferenceId":"c0e996f8-39cf-4af9-9f45-83fbde810432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"effect":{"value":"[parameters(''effect-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"},"approvedExtensions":{"value":"[parameters(''approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"}},"groupNames":["CIS_Azure_1.3.0_7.4"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CIS_Azure_1.3.0_7.5"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CIS_Azure_1.3.0_7.6"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CIS_Azure_1.3.0_8.1"]},{"policyDefinitionReferenceId":"98728c90-32c7-4049-8429-847dc0f4fe37","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''effect-98728c90-32c7-4049-8429-847dc0f4fe37'')]"}},"groupNames":["CIS_Azure_1.3.0_8.2"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CIS_Azure_1.3.0_8.4"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CIS_Azure_1.3.0_8.5"]},{"policyDefinitionReferenceId":"c4ebc54a-46e1-481a-bee2-d4411e95d828","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{"effect":{"value":"[parameters(''effect-c4ebc54a-46e1-481a-bee2-d4411e95d828'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{"effect":{"value":"[parameters(''effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"95bccee9-a7f8-4bec-9ee9-62c3473701fc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{"effect":{"value":"[parameters(''effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CIS_Azure_1.3.0_9.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"0c192fe8-9cbb-4516-85b3-0ade8bd03886","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"eaebaea7-8013-4ceb-9d14-7eb32271373c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.3.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.1"},{"name":"CIS_Azure_1.3.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.2"},{"name":"CIS_Azure_1.3.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.3"},{"name":"CIS_Azure_1.3.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.4"},{"name":"CIS_Azure_1.3.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.5"},{"name":"CIS_Azure_1.3.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.6"},{"name":"CIS_Azure_1.3.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.7"},{"name":"CIS_Azure_1.3.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.8"},{"name":"CIS_Azure_1.3.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.9"},{"name":"CIS_Azure_1.3.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.10"},{"name":"CIS_Azure_1.3.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.11"},{"name":"CIS_Azure_1.3.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.12"},{"name":"CIS_Azure_1.3.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.13"},{"name":"CIS_Azure_1.3.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.14"},{"name":"CIS_Azure_1.3.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.15"},{"name":"CIS_Azure_1.3.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.16"},{"name":"CIS_Azure_1.3.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.17"},{"name":"CIS_Azure_1.3.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.18"},{"name":"CIS_Azure_1.3.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.19"},{"name":"CIS_Azure_1.3.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.20"},{"name":"CIS_Azure_1.3.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.21"},{"name":"CIS_Azure_1.3.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.22"},{"name":"CIS_Azure_1.3.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.23"},{"name":"CIS_Azure_1.3.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.1"},{"name":"CIS_Azure_1.3.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.2"},{"name":"CIS_Azure_1.3.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.3"},{"name":"CIS_Azure_1.3.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.4"},{"name":"CIS_Azure_1.3.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.5"},{"name":"CIS_Azure_1.3.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.6"},{"name":"CIS_Azure_1.3.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.7"},{"name":"CIS_Azure_1.3.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.8"},{"name":"CIS_Azure_1.3.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.9"},{"name":"CIS_Azure_1.3.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.10"},{"name":"CIS_Azure_1.3.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.11"},{"name":"CIS_Azure_1.3.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.12"},{"name":"CIS_Azure_1.3.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.13"},{"name":"CIS_Azure_1.3.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.14"},{"name":"CIS_Azure_1.3.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.15"},{"name":"CIS_Azure_1.3.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.1"},{"name":"CIS_Azure_1.3.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.2"},{"name":"CIS_Azure_1.3.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.3"},{"name":"CIS_Azure_1.3.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.4"},{"name":"CIS_Azure_1.3.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.5"},{"name":"CIS_Azure_1.3.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.6"},{"name":"CIS_Azure_1.3.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.7"},{"name":"CIS_Azure_1.3.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.8"},{"name":"CIS_Azure_1.3.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.9"},{"name":"CIS_Azure_1.3.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.10"},{"name":"CIS_Azure_1.3.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.11"},{"name":"CIS_Azure_1.3.0_4.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.1"},{"name":"CIS_Azure_1.3.0_4.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.2"},{"name":"CIS_Azure_1.3.0_4.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.3"},{"name":"CIS_Azure_1.3.0_4.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.1"},{"name":"CIS_Azure_1.3.0_4.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.2"},{"name":"CIS_Azure_1.3.0_4.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.3"},{"name":"CIS_Azure_1.3.0_4.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.4"},{"name":"CIS_Azure_1.3.0_4.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.5"},{"name":"CIS_Azure_1.3.0_4.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.1"},{"name":"CIS_Azure_1.3.0_4.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.2"},{"name":"CIS_Azure_1.3.0_4.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.3"},{"name":"CIS_Azure_1.3.0_4.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.4"},{"name":"CIS_Azure_1.3.0_4.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.5"},{"name":"CIS_Azure_1.3.0_4.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.6"},{"name":"CIS_Azure_1.3.0_4.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.7"},{"name":"CIS_Azure_1.3.0_4.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.8"},{"name":"CIS_Azure_1.3.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.4"},{"name":"CIS_Azure_1.3.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.5"},{"name":"CIS_Azure_1.3.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.1"},{"name":"CIS_Azure_1.3.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.2"},{"name":"CIS_Azure_1.3.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.3"},{"name":"CIS_Azure_1.3.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.4"},{"name":"CIS_Azure_1.3.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.5"},{"name":"CIS_Azure_1.3.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.1"},{"name":"CIS_Azure_1.3.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.2"},{"name":"CIS_Azure_1.3.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.3"},{"name":"CIS_Azure_1.3.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.4"},{"name":"CIS_Azure_1.3.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.5"},{"name":"CIS_Azure_1.3.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.6"},{"name":"CIS_Azure_1.3.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.7"},{"name":"CIS_Azure_1.3.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.8"},{"name":"CIS_Azure_1.3.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.9"},{"name":"CIS_Azure_1.3.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.3"},{"name":"CIS_Azure_1.3.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.1"},{"name":"CIS_Azure_1.3.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.2"},{"name":"CIS_Azure_1.3.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.3"},{"name":"CIS_Azure_1.3.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.4"},{"name":"CIS_Azure_1.3.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.5"},{"name":"CIS_Azure_1.3.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.6"},{"name":"CIS_Azure_1.3.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.1"},{"name":"CIS_Azure_1.3.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.2"},{"name":"CIS_Azure_1.3.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.3"},{"name":"CIS_Azure_1.3.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.4"},{"name":"CIS_Azure_1.3.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.5"},{"name":"CIS_Azure_1.3.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.6"},{"name":"CIS_Azure_1.3.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.7"},{"name":"CIS_Azure_1.3.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.1"},{"name":"CIS_Azure_1.3.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.2"},{"name":"CIS_Azure_1.3.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.3"},{"name":"CIS_Azure_1.3.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.4"},{"name":"CIS_Azure_1.3.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.5"},{"name":"CIS_Azure_1.3.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.1"},{"name":"CIS_Azure_1.3.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.2"},{"name":"CIS_Azure_1.3.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.3"},{"name":"CIS_Azure_1.3.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.4"},{"name":"CIS_Azure_1.3.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.5"},{"name":"CIS_Azure_1.3.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.6"},{"name":"CIS_Azure_1.3.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.7"},{"name":"CIS_Azure_1.3.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.8"},{"name":"CIS_Azure_1.3.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.9"},{"name":"CIS_Azure_1.3.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.10"},{"name":"CIS_Azure_1.3.0_9.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.11"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/612b5213-9160-4969-8578-1518bd2a000c","type":"Microsoft.Authorization/policySetDefinitions","name":"612b5213-9160-4969-8578-1518bd2a000c"},{"properties":{"displayName":"Flow + logs should be configured and enabled for every network security group","policyType":"BuiltIn","description":"Audit + for network security groups to verify if flow logs are configured and if flow + log status is enabled. Enabling flow logs allows to log information about + IP traffic flowing through network security group. It can be used for optimizing + network flows, monitoring throughput, verifying compliance, detecting intrusions + and more.","metadata":{"version":"1.0.0","category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"NetworkSecurityGroup_FlowLog_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"NetworkWatcherFlowLog_Enabled_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]}],"policyDefinitionGroups":[]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/62329546-775b-4a3d-a4cb-eb4bb990d2c0","type":"Microsoft.Authorization/policySetDefinitions","name":"62329546-775b-4a3d-a4cb-eb4bb990d2c0"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest @@ -1700,13 +2255,13 @@ interactions: 27001:2013","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/iso27001-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/iso27001-init.","metadata":{"version":"4.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: + of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["ISO27001-2013_A.12.5.1","ISO27001-2013_A.12.6.2"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["ISO27001-2013_A.8.2.1","ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]}],"policyDefinitionGroups":[{"name":"ISO27001-2013_A.5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.1"},{"name":"ISO27001-2013_A.5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.2"},{"name":"ISO27001-2013_A.6.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.1"},{"name":"ISO27001-2013_A.6.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.2"},{"name":"ISO27001-2013_A.6.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.3"},{"name":"ISO27001-2013_A.6.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.4"},{"name":"ISO27001-2013_A.6.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.5"},{"name":"ISO27001-2013_A.6.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.1"},{"name":"ISO27001-2013_A.6.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.2"},{"name":"ISO27001-2013_A.7.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.1"},{"name":"ISO27001-2013_A.7.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.2"},{"name":"ISO27001-2013_A.7.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.1"},{"name":"ISO27001-2013_A.7.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.2"},{"name":"ISO27001-2013_A.7.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.3"},{"name":"ISO27001-2013_A.7.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.3.1"},{"name":"ISO27001-2013_A.8.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.1"},{"name":"ISO27001-2013_A.8.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.2"},{"name":"ISO27001-2013_A.8.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.3"},{"name":"ISO27001-2013_A.8.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.4"},{"name":"ISO27001-2013_A.8.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.1"},{"name":"ISO27001-2013_A.8.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.2"},{"name":"ISO27001-2013_A.8.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.3"},{"name":"ISO27001-2013_A.8.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.1"},{"name":"ISO27001-2013_A.8.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.2"},{"name":"ISO27001-2013_A.8.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.3"},{"name":"ISO27001-2013_A.9.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.1"},{"name":"ISO27001-2013_A.9.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.2"},{"name":"ISO27001-2013_A.9.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.1"},{"name":"ISO27001-2013_A.9.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.2"},{"name":"ISO27001-2013_A.9.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.3"},{"name":"ISO27001-2013_A.9.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.4"},{"name":"ISO27001-2013_A.9.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.5"},{"name":"ISO27001-2013_A.9.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.6"},{"name":"ISO27001-2013_A.9.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.3.1"},{"name":"ISO27001-2013_A.9.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.1"},{"name":"ISO27001-2013_A.9.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.2"},{"name":"ISO27001-2013_A.9.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.3"},{"name":"ISO27001-2013_A.9.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.4"},{"name":"ISO27001-2013_A.9.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.5"},{"name":"ISO27001-2013_A.10.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.1"},{"name":"ISO27001-2013_A.10.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.2"},{"name":"ISO27001-2013_A.11.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.1"},{"name":"ISO27001-2013_A.11.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.2"},{"name":"ISO27001-2013_A.11.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.3"},{"name":"ISO27001-2013_A.11.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.4"},{"name":"ISO27001-2013_A.11.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.5"},{"name":"ISO27001-2013_A.11.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.6"},{"name":"ISO27001-2013_A.11.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.1"},{"name":"ISO27001-2013_A.11.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.2"},{"name":"ISO27001-2013_A.11.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.3"},{"name":"ISO27001-2013_A.11.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.4"},{"name":"ISO27001-2013_A.11.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.5"},{"name":"ISO27001-2013_A.11.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.6"},{"name":"ISO27001-2013_A.11.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.7"},{"name":"ISO27001-2013_A.11.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.8"},{"name":"ISO27001-2013_A.11.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.9"},{"name":"ISO27001-2013_A.12.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.1"},{"name":"ISO27001-2013_A.12.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.2"},{"name":"ISO27001-2013_A.12.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.3"},{"name":"ISO27001-2013_A.12.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.4"},{"name":"ISO27001-2013_A.12.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.2.1"},{"name":"ISO27001-2013_A.12.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.3.1"},{"name":"ISO27001-2013_A.12.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.1"},{"name":"ISO27001-2013_A.12.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.2"},{"name":"ISO27001-2013_A.12.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.3"},{"name":"ISO27001-2013_A.12.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.4"},{"name":"ISO27001-2013_A.12.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.5.1"},{"name":"ISO27001-2013_A.12.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.1"},{"name":"ISO27001-2013_A.12.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.2"},{"name":"ISO27001-2013_A.12.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.7.1"},{"name":"ISO27001-2013_A.13.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.1"},{"name":"ISO27001-2013_A.13.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.2"},{"name":"ISO27001-2013_A.13.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.3"},{"name":"ISO27001-2013_A.13.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.1"},{"name":"ISO27001-2013_A.13.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.2"},{"name":"ISO27001-2013_A.13.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.3"},{"name":"ISO27001-2013_A.13.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.4"},{"name":"ISO27001-2013_A.14.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.1"},{"name":"ISO27001-2013_A.14.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.2"},{"name":"ISO27001-2013_A.14.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.3"},{"name":"ISO27001-2013_A.14.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.1"},{"name":"ISO27001-2013_A.14.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.2"},{"name":"ISO27001-2013_A.14.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.3"},{"name":"ISO27001-2013_A.14.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.4"},{"name":"ISO27001-2013_A.14.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.5"},{"name":"ISO27001-2013_A.14.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.6"},{"name":"ISO27001-2013_A.14.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.7"},{"name":"ISO27001-2013_A.14.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.8"},{"name":"ISO27001-2013_A.14.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.9"},{"name":"ISO27001-2013_A.14.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.3.1"},{"name":"ISO27001-2013_A.15.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.1"},{"name":"ISO27001-2013_A.15.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.2"},{"name":"ISO27001-2013_A.15.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.3"},{"name":"ISO27001-2013_A.15.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.1"},{"name":"ISO27001-2013_A.15.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.2"},{"name":"ISO27001-2013_A.16.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.1"},{"name":"ISO27001-2013_A.16.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.2"},{"name":"ISO27001-2013_A.16.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.3"},{"name":"ISO27001-2013_A.16.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.4"},{"name":"ISO27001-2013_A.16.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.5"},{"name":"ISO27001-2013_A.16.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.6"},{"name":"ISO27001-2013_A.16.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.7"},{"name":"ISO27001-2013_A.17.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.1"},{"name":"ISO27001-2013_A.17.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.2"},{"name":"ISO27001-2013_A.17.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.3"},{"name":"ISO27001-2013_A.17.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.2.1"},{"name":"ISO27001-2013_A.18.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.1"},{"name":"ISO27001-2013_A.18.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.2"},{"name":"ISO27001-2013_A.18.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.3"},{"name":"ISO27001-2013_A.18.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.4"},{"name":"ISO27001-2013_A.18.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.5"},{"name":"ISO27001-2013_A.18.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.1"},{"name":"ISO27001-2013_A.18.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.2"},{"name":"ISO27001-2013_A.18.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: Audit Windows web servers that are not using secure communication protocols","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For @@ -1718,7 +2273,7 @@ interactions: DOD Impact Level 4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of DOD Impact Level 4 (IL4) controls. Additional policies will be - added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"5.0.0-deprecated","category":"Regulatory + added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"6.0.1-deprecated","category":"Regulatory Compliance","deprecated":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -1734,7 +2289,7 @@ interactions: local group; Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) of the Log Analytics workspace where VMs agents should report"}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Deprecated]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Vulnerability assessment should be enabled on SQL Managed @@ -1757,7 +2312,7 @@ interactions: Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: - Adaptive Network Hardening recommendations should be applied on internet facing + Adaptive network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Web Application should only be accessible over HTTPS","description":"Azure @@ -1795,7 +2350,7 @@ interactions: more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"Azure Policy effect for this policy; for more - information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and ''Running''. For more @@ -1808,7 +2363,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -1837,10 +2392,10 @@ interactions: required metric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Audit unrestricted network access to storage accounts","description":"Enable or disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Logic Apps should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: - Required retention (in days) of diagnostic logs in Logic Apps workflows","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Logic Apps should be enabled","description":"Enable or disable + the monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention (in days) of resource logs in Logic Apps workflows","description":"The + required resource logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable or disable monitoring of virtual machine scale sets OS vulnerabilities "},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"[Preview]: @@ -1853,7 +2408,10 @@ interactions: must enable this policy setting."},"defaultValue":"1"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"[Preview]: + A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable + or disable the detection of virtual machine vulnerabilities by Azure Security + Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: Users or groups that may access this computer from the network","description":"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."},"defaultValue":"Administrators, @@ -1995,8 +2553,8 @@ interactions: of Service Bus namespace authorization rules"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services","description":"Enable or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Search services should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Search services should be enabled","description":"Enable + or disable the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Digitally sign communications (always)","description":"Specifies whether packet signing is required by the SMB client component."},"defaultValue":"1"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Send unencrypted password to third-party SMB servers","description":"Specifies @@ -2073,7 +2631,7 @@ interactions: or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.","metadata":{"version":"1.0.0-preview","category":"Security @@ -2088,10 +2646,17 @@ interactions: starting with Windows 10/Windows Server with update 1709. Setting this value to ''Non-Compliant'' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. - Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This + Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"[Preview]: + Deploy - Configure prerequisites to enable Azure Monitor and Azure Security + agents on virtual machines","policyType":"BuiltIn","description":"Configure + machines to automatically install the Azure Monitor and Azure Security agents. + Security Center collects events from the agents and uses them to provide security + alerts and tailored hardening tasks (recommendations). Create a resource group + and Log Analytics workspace in the same region as the machine to store audit + records. This policy only applies to VMs in a few regions.","metadata":{"category":"Monitoring","version":"1.0.0-preview","preview":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityLinuxAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityWindowsAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a15f3269-2e10-458c-87a4-d5989e678a73","type":"Microsoft.Authorization/policySetDefinitions","name":"a15f3269-2e10-458c-87a4-d5989e678a73"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will - be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"4.1.0","category":"Regulatory + be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"5.1.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -2116,7 +2681,7 @@ interactions: of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"},"defaultValue":""},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","description":"Audit + of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToInclude":{"type":"String","metadata":{"displayName":"List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators @@ -2131,29 +2696,29 @@ interactions: Name","description":"Administrative Operation name for which activity log alert should be configured"},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":"Microsoft.Sql/servers/firewallRules/write"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual network where VMs should be connected","description":"Resource Id of the virtual - network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL + resource logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL Managed Instance TDE protector should be encrypted with your own key","description":"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk encryption should be applied on virtual machines","description":"Enable or - disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + resource logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable insecure guest logons","description":"Specifies whether the SMB client will allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow simultaneous connections to the Internet or a Windows Domain","description":"Specify @@ -2211,15 +2776,15 @@ interactions: ports should be closed on your virtual machines","description":"Enable or disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable - or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + resource logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates on virtual machine scale sets should be installed","description":"Enable - or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates should be installed on your machines","description":"Enable or disable reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts: Guest account status","description":"Specifies whether the local Guest account @@ -2305,8 +2870,7 @@ interactions: Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."},"defaultValue":"1"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect + retention period (days) for resource logs"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Only secure connections to your Redis Cache should be enabled]","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Secure transfer to storage accounts should be enabled]","description":"Azure @@ -2374,7 +2938,7 @@ interactions: Detect application installations and prompt for elevation","description":"Specifies the behavior of application installation detection for the computer."},"defaultValue":"1"},"uacRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC: Run all administrators in Admin Approval Mode","description":"Specifies the - behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0712.10m2Organizational.4-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes + behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInManagedHsmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"managedHsmObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes cluster pod security baseline standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), @@ -2407,7 +2971,607 @@ interactions: Configuration","deprecated":true},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"[Deprecated]: Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]: + CMMC Level 3","policyType":"BuiltIn","description":"This initiative includes + policies that address a subset of Cybersecurity Maturity Model Certification + (CMMC) Level 3 requirements. Additional policies will be added in upcoming + releases. For more information, visit https://aka.ms/cmmc-initiative.","metadata":{"version":"3.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating guest configuration policies","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine; + for more information, visit https://aka.ms/policy-pricing"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2","deprecated":true},"defaultValue":"Administrator"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network Security: Configure encryption types allowed for Kerberos","description":"Specifies + the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LAN Manager authentication level","description":"Specify + which challenge-response authentication protocol is used for network logons. + This choice affects the level of authentication protocol used by clients, + the level of session security negotiated, and the level of authentication + accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LDAP client signing requirements","description":"Specify + the level of data signing that is requested on behalf of clients that issue + LDAP BIND requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) clients","description":"Specifies which behaviors are allowed by clients + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers + for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) servers","description":"Specifies which behaviors are allowed by servers + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"},"effect-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Security''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not restrict the minimum + password length to 14 characters","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope + when auditing Log Analytics agent deployment","description":"Example value: + ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope when + auditing Log Analytics agent deployment","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that allow re-use of the previous + 24 passwords","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not have the password complexity + setting enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-da0f98fe-a24b-4ad5-af69-bd0400233661":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not store passwords using + reversible encryption","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9daedab3-fb2d-461e-b861-71790eead4f6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All network ports should be restricted on network security + groups associated to your virtual machine","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-a70ca396-0a34-413a-88e1-b956c1e683be":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on virtual + machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-b4d66858-c922-44e3-9566-5cdb7a7be744":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A security contact phone number should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"Audit + if Network Watcher is not enabled for region(s).","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource + group where the Network Watchers are located."},"defaultValue":"NetworkWatcherRG"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-efbde977-ba53-4479-b8e9-10b957924fbf":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on Virtual + Machine Scale Sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e6955644-301c-44b5-a4c4-528577de6861":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that do not have the passwd file permissions + set to 0644","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Security Operation name for which activity + log alert should exist","deprecated":true},"allowedValues":["Microsoft.Security/policies/write","Microsoft.Security/securitySolutions/write","Microsoft.Security/securitySolutions/delete"],"defaultValue":[]},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-361c2074-3595-4e5d-8cab-4f21dffc835c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection on Storage Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-b5f04e03-92a3-4b09-9410-2cc5e5047656":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection for Cosmos DB Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a1181c5f-672a-477a-979a-7d58aa086233":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Security Center standard pricing tier should be selected","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0fea8f8a-4169-495d-8307-30ec335f387d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every domain to access your API for + FHIR","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths","description":"Specifies + which registry paths will be accessible over the network, regardless of the + users or groups listed in the access control list (ACL) of the `winreg` registry + key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server + Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths and sub-paths","description":"Specifies + which registry paths and sub-paths will be accessible over the network, regardless + of the users or groups listed in the access control list (ACL) of the `winreg` + registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP + Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows + NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal + Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal + Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Shares that can be accessed anonymously","description":"Specifies + which network shares can be accessed by anonymous users. The default configuration + for this policy setting has little effect because all users have to be authenticated + before they can access shared resources on the server."},"defaultValue":"0"},"effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Access''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + flexible servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c9299215-ae47-4f50-9c54-8a392f68a052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL flexible + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed host paths for pod hostPath volumes to use","description":"The host + paths allowed for pod hostPath volumes to use. Provide an empty paths list + to block all host paths."},"defaultValue":["{\"paths\":[]}"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network otherwise false."},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum value in the allowable host port range that pods can use in the host + network namespace","description":"The minimum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Maximum value in the allowable host port range that pods can use in the host + network namespace","description":"The maximum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Admin Approval Mode for the Built-in Administrator account","description":"Specifies + the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Behavior of the elevation prompt for administrators in Admin Approval + Mode","description":"Specifies the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Detect application installations and prompt for elevation","description":"Specifies + the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Run all administrators in Admin Approval Mode","description":"Specifies + the behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"},"effect-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - User Account Control''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which remote + users on the network are permitted to connect to the computer. This does not + include Remote Desktop Connection."},"defaultValue":"Administrators, Authenticated + Users"},"UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which users + or groups can interactively log on to the computer. Users who attempt to log + on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Remote Desktop Users","description":"Users or groups that may log on through + Remote Desktop Services"},"defaultValue":"Administrators"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied access to this computer from the network","description":"Specifies + which users or groups are explicitly prohibited from connecting to the computer + across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may manage auditing and security log","description":"Specifies + users and groups permitted to change the auditing options for files and directories + and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may back up files and directories","description":"Specifies + users and groups allowed to circumvent file and directory permissions to back + up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the system time","description":"Specifies + which users and groups are permitted to change the time and date on the internal + clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the time zone","description":"Specifies which + users and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators, + LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may create a token object","description":"Specifies which + users and groups are permitted to create an access token, which may provide + elevated rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a batch job","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a service","description":"Specifies + which service accounts are explicitly not permitted to register a process + as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied local logon","description":"Specifies which + users and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied log on through Remote Desktop Services","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + User and groups that may force shutdown from a remote system","description":"Specifies + which users and groups are permitted to shut down the computer from a remote + location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may restore files and directories","description":"Specifies + which users and groups are permitted to bypass file, directory, registry, + and other persistent object permissions when restoring backed up files and + directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may shut down the system","description":"Specifies which + users and groups who are logged on locally to the computers in your environment + are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may take ownership of files or other objects","description":"Specifies + which users and groups are permitted to take ownership of files, folders, + registry keys, processes, or threads. This user right bypasses any permissions + that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"},"effect-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''User Rights + Assignment''","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-87845465-c458-45f3-af66-dcd62176f397":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Privilege Use''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations","description":"For more information about effects, visit https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"operationName-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Administrative Operation name for which activity + log alert should be configured","deprecated":true},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":[]},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Virtual machines should have the Guest Configuration extension","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Guest Configuration extension should be deployed to Azure + virtual machines with system assigned managed identity","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor log profile should collect logs for categories + ''write,'' ''delete,'' and ''action''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Policy Operation name for which activity log + alert should exist","deprecated":true},"allowedValues":["Microsoft.Authorization/policyAssignments/write","Microsoft.Authorization/policyAssignments/delete"],"defaultValue":[]},"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor should collect activity logs from all regions","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"TimeZone-c633f6a2-7f8b-4d9e-9456-02f0f04f5505":{"type":"String","metadata":{"displayName":"[Preview]: + Time zone","description":"The expected time zone","deprecated":true},"allowedValues":[],"defaultValue":[]},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bb91dfba-c30d-4263-9add-9c2384e659a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Non-internet-facing virtual machines should be protected + with network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed key types","description":"The list of allowed key types"},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM","EC","EC-HSM"]},"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should be the specified cryptographic type RSA or + EC","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size for keys","description":"The minimum key size for RSA + keys."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using RSA cryptography should have a specified minimum + key size","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size certificates","description":"The minimum key size for + RSA certificates."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-cee51871-e572-4576-855c-047c820360f0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Certificates using RSA cryptography should have the specified + minimum key size","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed elliptic curve names","description":"The list of allowed curve names + for elliptic curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using elliptic curve cryptography should have the + specified curve names","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-24fba194-95d6-48c0-aea7-f65bf859c598":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for PostgreSQL servers","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3a58212a-c829-4f13-9872-6371df2fd0b4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for MySQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should have infrastructure encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Box jobs should enable double encryption for + data at rest on the device","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"Array","metadata":{"displayName":"[Preview]: + Azure Data Box SKUs that support software-based double encryption","description":"The + list of Azure Data Box SKUs that support software-based double encryption"},"allowedValues":["DataBox","DataBoxHeavy"],"defaultValue":["DataBox","DataBoxHeavy"]},"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Double encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-051cba44-2429-45b9-9649-46cec11c7119":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure API for FHIR should use a customer-managed key to + encrypt data at rest","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Both operating systems and data disks in Azure Kubernetes + Service clusters should be encrypted by customer-managed keys","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Stream Analytics jobs should use customer-managed + keys to encrypt data","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-f7d52b2d-e161-4dfa-a82b-55e564167385":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Synapse workspaces should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft Antimalware for Azure should be configured to + automatically update protection signatures","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-123a3936-f020-408a-ba0c-47873faf1534":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Allowlist rules in your adaptive application control policy + should be updated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Linux machines should meet requirements for the Azure security + baseline","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authentication Policy Change","description":"Specifies whether audit + events are generated when changes are made to authentication policy. This + setting is useful for tracking changes in domain-level and forest-level trust + and privileges that are granted to user accounts or groups."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authorization Policy Change","description":"Specifies whether audit + events are generated for assignment and removal of user rights in user right + policies, changes in security token object permission, resource attributes + changes and Central Access Policy changes for file system objects."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Policy Change''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["CMMC_L3_AC.3.017"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"0b15565f-aa9e-48ba-8619-45960f2c314d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84'')]"},"effect":{"value":"[parameters(''effect-1221c620-d201-468c-81e7-2817e6107e84'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.2.064","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a2d0e922-65d0-40c4-8f87-ea6da2d307a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_SI.1.211"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183","CMMC_L3_SC.3.185","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.061","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068","CMMC_L3_CM.3.069"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["CMMC_L3_AC.1.001"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"5b054a0d-39e2-4d53-bea3-9734cad2c69b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b'')]"}},"groupNames":["CMMC_L3_IA.2.079"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"bf16e0bb-31e1-4646-8202-60a235cc7e74","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-bf16e0bb-31e1-4646-8202-60a235cc7e74'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048","CMMC_L3_AU.3.049"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"da0f98fe-a24b-4ad5-af69-bd0400233661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-da0f98fe-a24b-4ad5-af69-bd0400233661'')]"}},"groupNames":["CMMC_L3_IA.2.081","CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9daedab3-fb2d-461e-b861-71790eead4f6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''effect-9daedab3-fb2d-461e-b861-71790eead4f6'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{"effect":{"value":"[parameters(''effect-a70ca396-0a34-413a-88e1-b956c1e683be'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_IR.2.093","CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CMMC_L3_AC.2.013","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{"effect":{"value":"[parameters(''effect-efbde977-ba53-4479-b8e9-10b957924fbf'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e6955644-301c-44b5-a4c4-528577de6861","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-e6955644-301c-44b5-a4c4-528577de6861'')]"}},"groupNames":["CMMC_L3_IA.1.077"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.065","CMMC_L3_IR.2.093","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"c251913d-7d24-4958-af87-478ed3b9ba41","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"361c2074-3595-4e5d-8cab-4f21dffc835c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","parameters":{"effect":{"value":"[parameters(''effect-361c2074-3595-4e5d-8cab-4f21dffc835c'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"b5f04e03-92a3-4b09-9410-2cc5e5047656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","parameters":{"effect":{"value":"[parameters(''effect-b5f04e03-92a3-4b09-9410-2cc5e5047656'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"a1181c5f-672a-477a-979a-7d58aa086233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{"effect":{"value":"[parameters(''effect-a1181c5f-672a-477a-979a-7d58aa086233'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SC.3.187","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.2.179","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"037eea7a-bd0a-46c5-9a66-03aea78705d3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0725b4dd-7e76-479c-a735-68e7ee23d5ca","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0fea8f8a-4169-495d-8307-30ec335f387d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d","parameters":{"effect":{"value":"[parameters(''effect-0fea8f8a-4169-495d-8307-30ec335f387d'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"effect":{"value":"[parameters(''effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","parameters":{"effect":{"value":"[parameters(''effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.016","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"b52376f7-9612-48a1-81cd-1ffe4b61032c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9299215-ae47-4f50-9c54-8a392f68a052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052","parameters":{"effect":{"value":"[parameters(''effect-c9299215-ae47-4f50-9c54-8a392f68a052'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d0793b48-0edc-4296-a390-4c75d1bdfd71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d9844e8a-1437-4aeb-a32c-0c992f056095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003","CMMC_L3_AC.2.015","CMMC_L3_AC.2.016"]},{"policyDefinitionReferenceId":"fdccbe47-f3e3-4213-ad5d-ea459b2fa077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"82985f06-dc18-4a48-bc1c-b9f4f0098cfe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"namespaces":{"value":"[parameters(''namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"55615ac9-af46-4a59-874e-391cc3dfb490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"492a29ed-d143-4f03-b6a4-705ce081b463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"effect":{"value":"[parameters(''effect-492a29ed-d143-4f03-b6a4-705ce081b463'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021","CMMC_L3_CM.2.063"]},{"policyDefinitionReferenceId":"e068b215-0026-4354-b347-8fb2766f73a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"effect":{"value":"[parameters(''effect-e068b215-0026-4354-b347-8fb2766f73a2'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"87845465-c458-45f3-af66-dcd62176f397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-87845465-c458-45f3-af66-dcd62176f397'')]"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["CMMC_L3_AC.3.018"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"ae89ebca-1c92-4898-ac2c-9f63decb045c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''effect-ae89ebca-1c92-4898-ac2c-9f63decb045c'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"d26f7642-7545-4e18-9b75-8c9bbdee3a9a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{"effect":{"value":"[parameters(''effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.049","CMMC_L3_CM.2.061","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{"effect":{"value":"[parameters(''effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["CMMC_L3_AU.2.042","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"5f0f936f-2f01-4bf5-b6be-d423792fa562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"bb91dfba-c30d-4263-9add-9c2384e659a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''effect-bb91dfba-c30d-4263-9add-9c2384e659a6'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.176","CMMC_L3_SC.3.180","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"75c4f823-d65c-4f29-a733-01d0077fdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb","parameters":{"allowedKeyTypes":{"value":"[parameters(''allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"},"effect":{"value":"[parameters(''effect-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"82067dbb-e53b-4e06-b631-546d197452d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9'')]"},"effect":{"value":"[parameters(''effect-82067dbb-e53b-4e06-b631-546d197452d9'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"cee51871-e572-4576-855c-047c820360f0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0'')]"},"effect":{"value":"[parameters(''effect-cee51871-e572-4576-855c-047c820360f0'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"ff25f3c8-b739-4538-9d07-3d6d25cfb255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255","parameters":{"allowedECNames":{"value":"[parameters(''allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"},"effect":{"value":"[parameters(''effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"24fba194-95d6-48c0-aea7-f65bf859c598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598","parameters":{"effect":{"value":"[parameters(''effect-24fba194-95d6-48c0-aea7-f65bf859c598'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"2bdd0062-9d75-436e-89df-487dd8e4b3c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3a58212a-c829-4f13-9872-6371df2fd0b4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4","parameters":{"effect":{"value":"[parameters(''effect-3a58212a-c829-4f13-9872-6371df2fd0b4'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"4733ea7b-a883-42fe-8cac-97454c2a9e4a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a","parameters":{"effect":{"value":"[parameters(''effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"67121cc7-ff39-4ab8-b7e3-95b84dab487d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"81e74cea-30fd-40d5-802f-d72103c2aaaa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa","parameters":{"effect":{"value":"[parameters(''effect-81e74cea-30fd-40d5-802f-d72103c2aaaa'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"a7ff3161-0087-490a-9ad9-ad6217f4f43a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"c349d81b-9985-44ae-a8da-ff98d108ede8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8","parameters":{"effect":{"value":"[parameters(''effect-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"},"supportedSKUs":{"value":"[parameters(''supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"f4b53539-8df9-40e4-86c6-6b607703bd4e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e","parameters":{"effect":{"value":"[parameters(''effect-f4b53539-8df9-40e4-86c6-6b607703bd4e'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","parameters":{"effect":{"value":"[parameters(''effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"051cba44-2429-45b9-9649-46cec11c7119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119","parameters":{"effect":{"value":"[parameters(''effect-051cba44-2429-45b9-9649-46cec11c7119'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"7d7be79c-23ba-4033-84dd-45e2a5ccdd67","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67","parameters":{"effect":{"value":"[parameters(''effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"87ba29ef-1ab3-4d82-b763-87fcd4f531f7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7","parameters":{"effect":{"value":"[parameters(''effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"f7d52b2d-e161-4dfa-a82b-55e564167385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385","parameters":{"effect":{"value":"[parameters(''effect-f7d52b2d-e161-4dfa-a82b-55e564167385'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{"effect":{"value":"[parameters(''effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57'')]"}},"groupNames":["CMMC_L3_SI.1.210","CMMC_L3_SI.1.211","CMMC_L3_SI.1.212","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"123a3936-f020-408a-ba0c-47873faf1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''effect-123a3936-f020-408a-ba0c-47873faf1534'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"fc9b3da7-8347-4380-8e70-0a0361d8dedd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd'')]"}},"groupNames":["CMMC_L3_CM.2.061"]},{"policyDefinitionReferenceId":"2a7a701e-dff3-4da9-9ec5-42cb98594c0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"effect":{"value":"[parameters(''effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"}},"groupNames":["CMMC_L3_CM.2.065"]}],"policyDefinitionGroups":[{"name":"CMMC_L3_AC.1.001","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.001"},{"name":"CMMC_L3_AC.1.002","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.002"},{"name":"CMMC_L3_AC.1.003","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.003"},{"name":"CMMC_L3_AC.1.004","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.004"},{"name":"CMMC_L3_AC.2.005","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.005"},{"name":"CMMC_L3_AC.2.006","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.006"},{"name":"CMMC_L3_AC.2.007","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.007"},{"name":"CMMC_L3_AC.2.008","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.008"},{"name":"CMMC_L3_AC.2.009","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.009"},{"name":"CMMC_L3_AC.2.010","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.010"},{"name":"CMMC_L3_AC.2.011","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.011"},{"name":"CMMC_L3_AC.2.013","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.013"},{"name":"CMMC_L3_AC.2.015","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.015"},{"name":"CMMC_L3_AC.2.016","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.016"},{"name":"CMMC_L3_AC.3.012","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.012"},{"name":"CMMC_L3_AC.3.014","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.014"},{"name":"CMMC_L3_AC.3.017","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.017"},{"name":"CMMC_L3_AC.3.018","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.018"},{"name":"CMMC_L3_AC.3.019","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.019"},{"name":"CMMC_L3_AC.3.020","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.020"},{"name":"CMMC_L3_AC.3.021","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.021"},{"name":"CMMC_L3_AC.3.022","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.022"},{"name":"CMMC_L3_AM.3.036","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AM.3.036"},{"name":"CMMC_L3_AT.2.056","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.056"},{"name":"CMMC_L3_AT.2.057","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.057"},{"name":"CMMC_L3_AT.3.058","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.3.058"},{"name":"CMMC_L3_AU.2.041","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.041"},{"name":"CMMC_L3_AU.2.042","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.042"},{"name":"CMMC_L3_AU.2.043","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.043"},{"name":"CMMC_L3_AU.2.044","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.044"},{"name":"CMMC_L3_AU.3.045","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.045"},{"name":"CMMC_L3_AU.3.046","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.046"},{"name":"CMMC_L3_AU.3.048","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.048"},{"name":"CMMC_L3_AU.3.049","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.049"},{"name":"CMMC_L3_AU.3.050","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.050"},{"name":"CMMC_L3_AU.3.051","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.051"},{"name":"CMMC_L3_AU.3.052","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.052"},{"name":"CMMC_L3_CA.2.157","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.157"},{"name":"CMMC_L3_CA.2.158","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.158"},{"name":"CMMC_L3_CA.2.159","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.159"},{"name":"CMMC_L3_CA.3.161","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.161"},{"name":"CMMC_L3_CA.3.162","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.162"},{"name":"CMMC_L3_CM.2.061","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.061"},{"name":"CMMC_L3_CM.2.062","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.062"},{"name":"CMMC_L3_CM.2.063","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.063"},{"name":"CMMC_L3_CM.2.064","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.064"},{"name":"CMMC_L3_CM.2.065","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.065"},{"name":"CMMC_L3_CM.2.066","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.066"},{"name":"CMMC_L3_CM.3.067","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.067"},{"name":"CMMC_L3_CM.3.068","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.068"},{"name":"CMMC_L3_CM.3.069","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.069"},{"name":"CMMC_L3_IA.1.076","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.076"},{"name":"CMMC_L3_IA.1.077","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.077"},{"name":"CMMC_L3_IA.2.078","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.078"},{"name":"CMMC_L3_IA.2.079","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.079"},{"name":"CMMC_L3_IA.2.080","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.080"},{"name":"CMMC_L3_IA.2.081","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.081"},{"name":"CMMC_L3_IA.2.082","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.082"},{"name":"CMMC_L3_IA.3.083","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.083"},{"name":"CMMC_L3_IA.3.084","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.084"},{"name":"CMMC_L3_IA.3.085","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.085"},{"name":"CMMC_L3_IA.3.086","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.086"},{"name":"CMMC_L3_IR.2.092","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.092"},{"name":"CMMC_L3_IR.2.093","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.093"},{"name":"CMMC_L3_IR.2.094","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.094"},{"name":"CMMC_L3_IR.2.096","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.096"},{"name":"CMMC_L3_IR.2.097","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.097"},{"name":"CMMC_L3_IR.3.098","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.098"},{"name":"CMMC_L3_IR.3.099","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.099"},{"name":"CMMC_L3_MA.2.111","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.111"},{"name":"CMMC_L3_MA.2.112","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.112"},{"name":"CMMC_L3_MA.2.113","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.113"},{"name":"CMMC_L3_MA.2.114","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.114"},{"name":"CMMC_L3_MA.3.115","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.115"},{"name":"CMMC_L3_MA.3.116","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.116"},{"name":"CMMC_L3_MP.1.118","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.1.118"},{"name":"CMMC_L3_MP.2.119","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.119"},{"name":"CMMC_L3_MP.2.120","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.120"},{"name":"CMMC_L3_MP.2.121","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.121"},{"name":"CMMC_L3_MP.3.122","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.122"},{"name":"CMMC_L3_MP.3.123","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.123"},{"name":"CMMC_L3_MP.3.124","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.124"},{"name":"CMMC_L3_MP.3.125","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.125"},{"name":"CMMC_L3_PE.1.131","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.131"},{"name":"CMMC_L3_PE.1.132","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.132"},{"name":"CMMC_L3_PE.1.133","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.133"},{"name":"CMMC_L3_PE.1.134","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.134"},{"name":"CMMC_L3_PE.2.135","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.2.135"},{"name":"CMMC_L3_PE.3.136","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.3.136"},{"name":"CMMC_L3_PS.2.127","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.127"},{"name":"CMMC_L3_PS.2.128","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.128"},{"name":"CMMC_L3_RE.2.137","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.137"},{"name":"CMMC_L3_RE.2.138","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.138"},{"name":"CMMC_L3_RE.3.139","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.3.139"},{"name":"CMMC_L3_RM.2.141","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.141"},{"name":"CMMC_L3_RM.2.142","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.142"},{"name":"CMMC_L3_RM.2.143","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.143"},{"name":"CMMC_L3_RM.3.144","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.144"},{"name":"CMMC_L3_RM.3.146","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.146"},{"name":"CMMC_L3_RM.3.147","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.147"},{"name":"CMMC_L3_SA.3.169","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SA.3.169"},{"name":"CMMC_L3_SC.1.175","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.175"},{"name":"CMMC_L3_SC.1.176","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.176"},{"name":"CMMC_L3_SC.2.178","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.178"},{"name":"CMMC_L3_SC.2.179","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.179"},{"name":"CMMC_L3_SC.3.177","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.177"},{"name":"CMMC_L3_SC.3.180","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.180"},{"name":"CMMC_L3_SC.3.181","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.181"},{"name":"CMMC_L3_SC.3.182","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.182"},{"name":"CMMC_L3_SC.3.183","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.183"},{"name":"CMMC_L3_SC.3.184","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.184"},{"name":"CMMC_L3_SC.3.185","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.185"},{"name":"CMMC_L3_SC.3.186","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.186"},{"name":"CMMC_L3_SC.3.187","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.187"},{"name":"CMMC_L3_SC.3.188","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.188"},{"name":"CMMC_L3_SC.3.189","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.189"},{"name":"CMMC_L3_SC.3.190","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.190"},{"name":"CMMC_L3_SC.3.191","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.191"},{"name":"CMMC_L3_SC.3.192","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.192"},{"name":"CMMC_L3_SC.3.193","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.193"},{"name":"CMMC_L3_SI.1.210","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.210"},{"name":"CMMC_L3_SI.1.211","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.211"},{"name":"CMMC_L3_SI.1.212","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.212"},{"name":"CMMC_L3_SI.1.213","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.213"},{"name":"CMMC_L3_SI.2.214","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.214"},{"name":"CMMC_L3_SI.2.216","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.216"},{"name":"CMMC_L3_SI.2.217","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.217"},{"name":"CMMC_L3_SI.3.218","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.218"},{"name":"CMMC_L3_SI.3.219","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.219"},{"name":"CMMC_L3_SI.3.220","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.220"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de","type":"Microsoft.Authorization/policySetDefinitions","name":"b5629c75-5c77-4422-87b9-2509e680f8de"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates @@ -2440,7 +3604,527 @@ interactions: on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.0.0-deprecated","category":"Guest Configuration","deprecated":true},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"[Deprecated]: Number of days","description":"The number of days without restart until the - machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Preview]: + machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v2","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark v2 policy set is now represented + in the consolidated Azure Security Benchmark initiative, which also serves + as the Azure Security Center default policy initiative. Please assign that + initiative, or manage its policies and compliance results within Azure Security + Center","metadata":{"version":"2.0.1-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bd352bd5-2853-4985-bf0d-73806b4a5744":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: IP Forwarding on your virtual machine should be disabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22730e10-96f6-4aac-ad84-9383d35b5917":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports should be closed on your virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Authorized IP ranges should be defined on Kubernetes Services","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive Network Hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB accounts should have firewall rules","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API Management services should use a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"Array","metadata":{"displayName":"[Deprecated]: + API Management SKUs that should use a virtual network","description":"List + of API Management SKUs against which this policy will be evaluated"},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"effect-0564d078-92f5-4f97-8398-b9f58a51f70b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for PostgreSQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0a1302fb-a631-4106-9753-f3d494733990":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7595c971-233d-4bcf-bd18-596129188c49":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2154edb9-244f-4741-9970-660785bccdaa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: VM Image Builder templates should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-40cec1dd-a100-4920-b15b-3024fe8901ab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4b90e17e-8448-49db-875e-bd83fb6f804f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid topics should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-53503636-bcc9-4748-9663-5348217f160f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure SignalR Service should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5f0bc445-3935-4915-9981-011aa2b46147":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be configured for Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-6edd7eda-6dd8-40f7-810d-67160c639cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use a private link connection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9830b652-8523-49cc-b1b3-e17dce1127ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid domains should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ca610c1d-041c-4332-9d88-7ed3094967c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: App Configuration should use a private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cache for Redis should reside within a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Spring Cloud should use network injection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled","Deny"],"defaultValue":"Audit"},"evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Azure Spring Cloud SKUs that should use network injection","description":"List + of Azure Spring Cloud SKUs against which this policy will be evaluated"},"allowedValues":["Standard"],"defaultValue":["Standard"]},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6646a0bd-e110-40ca-bb97-84fcee63c414":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service principals should be used to protect your subscriptions + instead of management certificates","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Sensitive data in your SQL databases should be classified","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce HTTPS ingress in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Enforce HTTPS ingress in Kubernetes + cluster","description":"List of Kubernetes namespaces to exclude from policy + evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL server TDE protector should be encrypted with your + own key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL Managed Instance TDE protector should be encrypted + with your own key","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should use customer owned storage + or enable data encryption.","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB account should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should be encrypted with + a customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + PostgreSQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + MySQL servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Virtual machines should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Windows virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-04c4380f-3fae-46e8-96c9-30193528f602":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Linux virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Data Lake Store resource logs"},"defaultValue":"365"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Logic Apps resource logs"},"defaultValue":"365"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Batch resource logs"},"defaultValue":"365"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Event Hub resource logs"},"defaultValue":"365"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Search resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Data Lake Analytics resource logs"},"defaultValue":"365"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Key Vault resource logs"},"defaultValue":"365"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Service Bus resource logs"},"defaultValue":"365"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Stream Analytics resource logs"},"defaultValue":"365"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","Disabled"],"defaultValue":"enabled"},"effect-a4fe33eb-e377-4efb-ab31-0784311bc499":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine for Azure Security Center monitoring","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine scale sets for Azure Security Center monitoring","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automatic provisioning of the Log Analytics monitoring + agent should be enabled on your subscription","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent health issues should be resolved on + your machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Linux Azure + Arc machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Windows + Azure Arc machines","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A security contact email address should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Policy Add-on for Kubernetes service (AKS) should + be installed and enabled on your clusters","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Allowed container images for Kubernetes clusters","description":"Regular expression + used to match allowed container images in a Kubernetes cluster; Ex: allow + any Azure Container Registry image by matching partial path: ^.+azurecr.io/.+$"},"defaultValue":"^(.+){0}$"},"effect-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure only allowed container images in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure only allowed container + images in Kubernetes cluster","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-95edb821-ddaf-4404-9732-666045e056b4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Do not allow privileged containers in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Do not allow privileged containers + in Kubernetes cluster","description":"List of Kubernetes namespaces to exclude + from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed container ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure containers listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure containers listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed services ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure services listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure services listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes clusters should not allow container privilege + escalation","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes clusters should + not allow container privilege escalation","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed CPU units for containers in Kubernetes clusters","description":"Ex: + 200m; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed memory (bytes) for a container in Kubernetes clusters","description":"Ex: + 1Gi; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"effect-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure container CPU and memory resource limits do not + exceed the specified limits in Kubernetes cluster","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure container CPU and memory + resource limits do not exceed the specified limits in Kubernetes cluster","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods and containers should only run + with approved user and group IDs","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods and + containers should only run with approved user and group IDs","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should not share host process + ID or host IPC namespace","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should not share host process ID or host IPC namespace","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should run with a read only + root file system","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should run with a read only root file system","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed capabilities","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed capabilities","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of capabilities that are allowed to be added to a container","description":"Provide + empty list as input to block everything"},"defaultValue":["[]"]},"requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of capabilities that must be dropped by a container"},"defaultValue":["[]"]},"effect-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed AppArmor + profiles","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed AppArmor profiles","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of AppArmor profiles that containers are allowed to use","description":"Ex: + ''runtime/default;docker/default''; provide empty list as input to block everything"},"defaultValue":["[]"]},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network, otherwise set to false"},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Minimum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Maximum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"effect-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pod hostPath volumes should only use + allowed host paths","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pod hostPath + volumes should only use allowed host paths","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Object","metadata":{"displayName":"[Deprecated]: + Allowed host paths for pod hostPath volumes to use","description":"Provide + an empty paths list to block all host paths"},"defaultValue":{"paths":[]}},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Compliance status to report for Windows servers where Windows Defender Exploit + Guard is not supported"},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"subnetsShouldBeAssociatedWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"internetFacingVirtualMachinesShouldBeProtectedWithNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"iPForwardingOnYourVirtualMachineShouldBeDisabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''effect-bd352bd5-2853-4985-bf0d-73806b4a5744'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"managementPortsShouldBeClosedOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''effect-22730e10-96f6-4aac-ad84-9383d35b5917'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"managementPortsOfVirtualMachinesShouldBeProtectedWithJustInTimeNetworkAccessControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"allInternetTrafficShouldBeRoutedViaYourDeployedAzureFirewall","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"authorizedIPRangesShouldBeDefinedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''effect-0564d078-92f5-4f97-8398-b9f58a51f70b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''effect-0a1302fb-a631-4106-9753-f3d494733990'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''effect-7595c971-233d-4bcf-bd18-596129188c49'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"vMImageBuilderTemplatesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''effect-2154edb9-244f-4741-9970-660785bccdaa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''effect-40cec1dd-a100-4920-b15b-3024fe8901ab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''effect-4b90e17e-8448-49db-875e-bd83fb6f804f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalrServiceShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''effect-53503636-bcc9-4748-9663-5348217f160f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''effect-5f0bc445-3935-4915-9981-011aa2b46147'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''effect-6edd7eda-6dd8-40f7-810d-67160c639cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"7698e800-9299-47a6-b3b6-5a0fee576eed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''effect-9830b652-8523-49cc-b1b3-e17dce1127ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''effect-ca610c1d-041c-4332-9d88-7ed3094967c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''effect-7d092e0a-7acd-40d2-a975-dca21cae48c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureDdosProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sSHAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"rDPAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForAzureFrontDoorServiceService","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForApplicationGateway","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"servicePrincipalsShouldBeUsedToProtectYourSubscriptionsInsteadOfManagementCertificates","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''effect-6646a0bd-e110-40ca-bb97-84fcee63c414'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"roleBasedAccessControlRBACShouldBeUsedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"sensitiveDataInYourSQLDatabasesShouldBeClassified","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"storageAccountPublicAccessShouldBeDisallowed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureDefenderForStorageShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForSQLServersOnMachinesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAzureSQLDatabaseServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSQLDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webApplicationShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aPIAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"onlySecureConnectionsToYourAzureCacheForRedisShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceHTTPSIngressInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"sQLServersShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sQLManagedInstancesShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"automationAccountVariablesShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldHaveTheClusterprotectionlevelPropertySetToEncryptandsign","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyCMKForEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''effect-18adea5e-f416-4d0f-8aa8-d24321e3e274'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"storageAccountsShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"azureDefenderForKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAppServiceShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azureDefenderForKubernetesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForContainerRegistriesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''effect-04c4380f-3fae-46e8-96c9-30193528f602'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureDataLakeStoreShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInLogicAppsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInIotHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInBatchAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInVirtualMachineScaleSetsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInEventHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInSearchServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInDataLakeAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInServiceBusShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureStreamAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"auditingOnSQLServerShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''effect-a4fe33eb-e377-4efb-ab31-0784311bc499'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineScaleSetsForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentHealthIssuesShouldBeResolvedOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourLinuxAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourWindowsAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssues","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForAPIApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesIncomingClientCertificatesEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"azurePolicyAddOnForKubernetesServiceAKSShouldBeInstalledAndEnabledOnYourClusters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''effect-0a15ec92-a229-4763-bb14-0ea34a568f8d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureOnlyAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"effect":{"value":"[parameters(''effect-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"doNotAllowPrivilegedContainersInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''effect-95edb821-ddaf-4404-9732-666045e056b4'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainersListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"effect":{"value":"[parameters(''effect-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureServicesListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"allowedServicePortsList":{"value":"[parameters(''allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"effect":{"value":"[parameters(''effect-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldNotAllowContainerPrivilegeEscalation","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainerCPUAndMemoryResourceLimitsDoNotExceedTheSpecifiedLimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"cpuLimit":{"value":"[parameters(''cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"memoryLimit":{"value":"[parameters(''memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"effect":{"value":"[parameters(''effect-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsAndContainersShouldOnlyRunWithApprovedUserAndGroupIds","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldNotShareHostProcessIDOrHostIPCNamespace","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldRunWithAReadOnlyRootFileSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''effect-df49d893-a74c-421d-bc95-c663042e5b80'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedCapabilities","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"allowedCapabilities":{"value":"[parameters(''allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"requiredDropCapabilities":{"value":"[parameters(''requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedApparmorProfiles","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''effect-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"allowedProfiles":{"value":"[parameters(''allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsShouldOnlyUseApprovedHostNetworkAndPortRange","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodHostpathVolumesShouldOnlyUseAllowedHostPaths","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''effect-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"allowedHostPaths":{"value":"[parameters(''allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInContainerSecurityConfigurationsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSQLDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesInAzureContainerRegistryImagesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"systemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServicesShouldBeUpgradedToANonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"auditWindowsMachinesOnWhichWindowsDefenderExploitGuardIsNotEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"longTermGeoRedundantBackupShouldBeEnabledForAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMysql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgresql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariadb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b","type":"Microsoft.Authorization/policySetDefinitions","name":"bb522ac1-bc39-4957-b194-429bcd3bcb0b"},{"properties":{"displayName":"[Preview]: Windows machines should meet requirements for the Azure security baseline","policyType":"BuiltIn","description":"This initiative audits Windows machines with settings that do not meet the Azure security baseline. For details, please visit https://aka.ms/gcpol","metadata":{"version":"2.0.0-preview","category":"Guest @@ -2848,20 +4532,257 @@ interactions: SP 800-53 R4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"FedRAMP + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]: + New Zealand ISM Restricted","policyType":"BuiltIn","description":"This initiative + includes policies that address a subset of New Zealand Information Security + Manual controls. Additional policies will be added in upcoming releases. For + more information, visit https://aka.ms/nzism-initiative.","metadata":{"version":"2.0.0-preview","category":"Regulatory + Compliance","preview":true},"parameters":{"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Application Gateway","description":"The Prevention + or Detection mode must be enabled on the Application Gateway service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + missing any of specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have extra accounts in the Administrators group","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2"},"defaultValue":"Administrator"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Azure Front Door Service","description":"The Prevention + or Detection mode must be enabled on the Azure Front Door service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have the specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Compliance state to report for Windows machines on which Windows Defender + Exploit Guard is not available","description":"Windows Defender Exploit Guard + is only available starting with Windows 10/Windows Server with update 1709. + Setting this value to ''Non-Compliant'' shows machines with older versions + on which Windows Defender Exploit Guard is not available (such as Windows + Server 2012 R2) as non-compliant. Setting this value to ''Compliant'' shows + these machines as compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfAllowedLocations-e56962a6-4747-49cd-b67b-bf8b01975c4c":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resources (deployments to other locations will be denied)","description":"Locations + for NZISM Restricted are New Zealand North, Australia East, Australia Southeast, + Australia Central and Australia Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"listOfAllowedLocations-e765b5de-1225-4ba3-bd56-1ac6695af988":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resource groups (deployments to other locations will + be denied)","description":"Locations for NZISM Restricted are New Zealand + North, Australia East, Australia Southeast, Australia Central and Australia + Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that allow remote connections from accounts without passwords","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Windows machines should + meet requirements for ''Security Settings - Account Policies''","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Enforce password history for Windows VM local accounts","description":"Specifies + limits on password reuse - how many times a new password must be created for + a user account before the password can be repeated"},"defaultValue":"24"},"MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Maximum password age for Windows VM local accounts","description":"Specifies + the maximum number of days that may elapse before a user account password + must be changed; the format of the value is two integers separated by a comma, + denoting an inclusive range"},"defaultValue":"1,70"},"MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password age for Windows VM local accounts","description":"Specifies + the minimum number of days that must elapse before a user account password + can be changed"},"defaultValue":"1"},"MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password length for Windows VM local accounts","description":"Specifies + the minimum number of characters that a user account password may contain"},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Password must meet complexity requirements for Windows VM local accounts","description":"Specifies + whether a user account password must be complex; if required, a complex password + must not contain part of the user''s account name or full name; be at least + 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic + characters"},"defaultValue":"1"},"effect-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Settings - Account Policies''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that have accounts without passwords","description":"By selecting ''true,'' + you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: All Internet traffic should be routed via your + deployed Azure Firewall","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-2","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"1c210e94-a481-4beb-95fa-1571b434fb04","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-4","NZISM_Security_Benchmark_v1.0_AC-5","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9","NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"3be22e3b-d919-47aa-805e-8985dbeb0ad9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"},"Members":{"value":"[parameters(''Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-4"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-13"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-5"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-15"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"bed48b13-6647-468e-aa2f-1af1d3f4dd40","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3","NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"f2143251-70de-4e81-87a8-36cee5a2f29d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"EnforcePasswordHistory":{"value":"[parameters(''EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"effect":{"value":"[parameters(''effect-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-4"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_ESS-3"]}],"policyDefinitionGroups":[{"name":"NZISM_Security_Benchmark_v1.0_AIS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-1"},{"name":"NZISM_Security_Benchmark_v1.0_AIS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-5"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-1"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-2"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-3"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-4"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-6"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-7"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-8"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-1"},{"name":"NZISM_Security_Benchmark_v1.0_INF-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-2"},{"name":"NZISM_Security_Benchmark_v1.0_INF-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-3"},{"name":"NZISM_Security_Benchmark_v1.0_INF-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-4"},{"name":"NZISM_Security_Benchmark_v1.0_INF-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-6"},{"name":"NZISM_Security_Benchmark_v1.0_INF-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-7"},{"name":"NZISM_Security_Benchmark_v1.0_INF-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-8"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-1"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-2"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-3"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-4"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-5"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-6"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-6"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-8"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-1"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-2"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-3"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-4"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-5"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-1"},{"name":"NZISM_Security_Benchmark_v1.0_SS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-2"},{"name":"NZISM_Security_Benchmark_v1.0_SS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-3"},{"name":"NZISM_Security_Benchmark_v1.0_SS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-4"},{"name":"NZISM_Security_Benchmark_v1.0_SS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-5"},{"name":"NZISM_Security_Benchmark_v1.0_SS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-7"},{"name":"NZISM_Security_Benchmark_v1.0_SS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-8"},{"name":"NZISM_Security_Benchmark_v1.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-1"},{"name":"NZISM_Security_Benchmark_v1.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-1"},{"name":"NZISM_Security_Benchmark_v1.0_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-3"},{"name":"NZISM_Security_Benchmark_v1.0_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-4"},{"name":"NZISM_Security_Benchmark_v1.0_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-5"},{"name":"NZISM_Security_Benchmark_v1.0_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-6"},{"name":"NZISM_Security_Benchmark_v1.0_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-7"},{"name":"NZISM_Security_Benchmark_v1.0_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-8"},{"name":"NZISM_Security_Benchmark_v1.0_AC-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-9"},{"name":"NZISM_Security_Benchmark_v1.0_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-10"},{"name":"NZISM_Security_Benchmark_v1.0_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-11"},{"name":"NZISM_Security_Benchmark_v1.0_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-12"},{"name":"NZISM_Security_Benchmark_v1.0_AC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-13"},{"name":"NZISM_Security_Benchmark_v1.0_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-14"},{"name":"NZISM_Security_Benchmark_v1.0_AC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-15"},{"name":"NZISM_Security_Benchmark_v1.0_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-16"},{"name":"NZISM_Security_Benchmark_v1.0_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-17"},{"name":"NZISM_Security_Benchmark_v1.0_CR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-1"},{"name":"NZISM_Security_Benchmark_v1.0_CR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-2"},{"name":"NZISM_Security_Benchmark_v1.0_CR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-3"},{"name":"NZISM_Security_Benchmark_v1.0_CR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-4"},{"name":"NZISM_Security_Benchmark_v1.0_CR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-5"},{"name":"NZISM_Security_Benchmark_v1.0_CR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-6"},{"name":"NZISM_Security_Benchmark_v1.0_CR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-7"},{"name":"NZISM_Security_Benchmark_v1.0_CR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-8"},{"name":"NZISM_Security_Benchmark_v1.0_CR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-9"},{"name":"NZISM_Security_Benchmark_v1.0_CR-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-10"},{"name":"NZISM_Security_Benchmark_v1.0_CR-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-11"},{"name":"NZISM_Security_Benchmark_v1.0_CR-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-12"},{"name":"NZISM_Security_Benchmark_v1.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-1"},{"name":"NZISM_Security_Benchmark_v1.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-2"},{"name":"NZISM_Security_Benchmark_v1.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-3"},{"name":"NZISM_Security_Benchmark_v1.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-4"},{"name":"NZISM_Security_Benchmark_v1.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-5"},{"name":"NZISM_Security_Benchmark_v1.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-6"},{"name":"NZISM_Security_Benchmark_v1.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-7"},{"name":"NZISM_Security_Benchmark_v1.0_NS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-8"},{"name":"NZISM_Security_Benchmark_v1.0_NS-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-9"},{"name":"NZISM_Security_Benchmark_v1.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-1"},{"name":"NZISM_Security_Benchmark_v1.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-2"},{"name":"NZISM_Security_Benchmark_v1.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-3"},{"name":"NZISM_Security_Benchmark_v1.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-4"},{"name":"NZISM_Security_Benchmark_v1.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-1"},{"name":"NZISM_Security_Benchmark_v1.0_DM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-2"},{"name":"NZISM_Security_Benchmark_v1.0_DM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-3"},{"name":"NZISM_Security_Benchmark_v1.0_DM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-4"},{"name":"NZISM_Security_Benchmark_v1.0_DM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-6"},{"name":"NZISM_Security_Benchmark_v1.0_WO-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-1"},{"name":"NZISM_Security_Benchmark_v1.0_WO-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-2"},{"name":"NZISM_Security_Benchmark_v1.0_WO-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-3"},{"name":"NZISM_Security_Benchmark_v1.0_WO-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-1"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-3"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-5"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a","type":"Microsoft.Authorization/policySetDefinitions","name":"d1a462af-7e6d-4901-98ac-61570b4ed22a"},{"properties":{"displayName":"FedRAMP High","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"3.0.1","category":"Regulatory + For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -2881,7 +4802,7 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -2903,7 +4824,7 @@ interactions: backup should be enabled for Azure Database for PostgreSQL","description":"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web Application should only be accessible over HTTPS","description":"Enable or @@ -2933,7 +4854,7 @@ interactions: or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"This policy audits any Azure SQL Database with long-term geo-redundant backup not - enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: + enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information @@ -3303,7 +5224,7 @@ interactions: Moderate","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP M controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -3312,13 +5233,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell @@ -3333,16 +5254,16 @@ interactions: Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.1.0-deprecated","category":"Guest Configuration","deprecated":true},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"[Deprecated]: Application names","description":"A semicolon-separated list of the names - of the applications that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:22.6304735Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}]}' + of the applications that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:06.7885354Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}]}' headers: cache-control: - no-cache content-length: - - '1154511' + - '1806221' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:22 GMT + - Mon, 22 Mar 2021 08:44:07 GMT expires: - '-1' pragma: @@ -3372,24 +5293,24 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:22.6304735Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:06.7885354Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1209' + - '1207' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:23 GMT + - Mon, 22 Mar 2021 08:44:09 GMT expires: - '-1' pragma: @@ -3421,24 +5342,24 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:21.5517925Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:22.6304735Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14016369651184776762","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:05.63281Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:06.7885354Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11419590576446172700","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1209' + - '1207' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:24 GMT + - Mon, 22 Mar 2021 08:44:09 GMT expires: - '-1' pragma: @@ -3470,8 +5391,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -3482,7 +5403,7 @@ interactions: R2","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension policies that address a subset of NIST SP 800-171 R2 requirements. Additional policies will be added in upcoming releases. For - more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"4.1.0-preview","category":"Regulatory + more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"5.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -3511,10 +5432,10 @@ interactions: for App Services","deprecated":true},"defaultValue":"3.6"},"linuxPythonLatestVersionForAppServices":{"type":"String","metadata":{"displayName":"[Preview]: Latest Linux Python version","description":"Latest supported Python version for App Services"},"defaultValue":"3.8"},"listOfResourceTypesForDiagnosticLogs":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit + List of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"minimumTLSVersionForWindowsServers":{"type":"String","metadata":{"displayName":"[Preview]: Minimum TLS version for Windows web servers","description":"The minimum TLS - protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: + protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs in which the Administrators group does not contain only the specified members","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines in which @@ -3540,16 +5461,16 @@ interactions: September 2016","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines","policyType":"BuiltIn","description":"This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be @@ -3568,9 +5489,9 @@ interactions: should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7","type":"Microsoft.Authorization/policySetDefinitions","name":"133046de-0bd7-4546-93f4-f452e9e258b7"},{"properties":{"displayName":"CIS Microsoft Azure Foundations Benchmark 1.1.0","policyType":"BuiltIn","description":"This - initiative includes audit policies that address a subset of CIS Microsoft - Azure Foundations Benchmark recommendations. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/cisazure-blueprint.","metadata":{"version":"7.1.0","category":"Regulatory + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure110-initiative.","metadata":{"version":"9.0.0","category":"Regulatory Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"NetworkWatcher @@ -3578,10 +5499,13 @@ interactions: such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List of virtual machine extensions that are approved for use","description":"A semicolon-separated list of virtual machine extensions; to see a complete - list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.17"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Enable - Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor - all the available security recommendations in Azure Security Center. This - is the default policy for Azure Security Center.","metadata":{"version":"20.0.0","category":"Security + list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.1"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x6CISv110x5x1x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.6","CIS_Azure_1.1.0_5.1.5"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.1"]},{"policyDefinitionReferenceId":"CISv110x8x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.2"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x5x1x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x8x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Azure + Security Benchmark","policyType":"BuiltIn","description":"The Azure Security + Benchmark initiative represents the policies and controls implementing security + recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. + This also serves as the Azure Security Center default policy initiative. You + can directly assign this initiative, or manage its policies and compliance + results within Azure Security Center.","metadata":{"version":"25.1.1","category":"Security Center"},"parameters":{"useServicePrincipalToProtectSubscriptionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Service principals should be used to protect your subscriptions instead of management certificates","description":"Management certificates allow anyone who authenticates @@ -3613,13 +5537,12 @@ interactions: key vault secrets should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"keysExpirationSetEffect":{"type":"String","metadata":{"displayName":"Key Vault keys should have expiration dates set","description":"Enable or disable key vault keys should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"azurePolicyforWindowsMonitoringEffect":{"type":"String","metadata":{"displayName":"Guest - Configuration extension should be installed on Windows virtual machines","description":"Enable + Configuration extension should be installed on virtual machines","description":"Enable or disable virtual machines reporting that the Guest Configuration extension - for Windows should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual - Machines with Guest Configuration extension should have system assigned managed - identities","description":"Enable or disable virtual machines with no system - assigned managed identity reporting that the Guest Configuration extension - is installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual + machines'' Guest Configuration extension should be deployed with system-assigned + managed identity","description":"Enable or disable Virtual machines'' Guest + Configuration extension should be deployed with system-assigned managed identity"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows Defender Exploit Guard should be enabled on your Windows virtual machines","description":"Enable or disable virtual machines reporting that Windows Defender Exploit Guard is enabled"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System @@ -3652,7 +5575,7 @@ interactions: NSG rules monitoring."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable or disable the detection of virtual machine vulnerabilities by Azure Security Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit @@ -3682,74 +5605,74 @@ interactions: servers should be configured with auditing retention days greater than 90 days","description":"Enable or disable the monitoring of SQL servers with auditing retention period less than 90","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure App Services","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs in Azure App Services","description":"Enable or disable the + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in App Services should be enabled","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation account variables should be encrypted","description":"Enable or disable the - monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric + resource logs retention period in days"},"defaultValue":"1"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric alert rules should be configured on Batch accounts","description":"Enable or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual machines should be migrated to new Azure Resource Manager resources","description":"Enable or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage accounts should be migrated to new Azure Resource Manager resources","description":"Enable - or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Data Lake Analytics should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Analytics accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Data Lake Store should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Key Vault should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Key Vault vaults","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Logic Apps should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Logic Apps workflows","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service + resource logs retention period in days"},"defaultValue":"1"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should only use Azure Active Directory for client authentication","description":"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","description":"Enable - or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Service Bus should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Service Bus","description":"The required diagnostic - logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All + monitoring of resource logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required + retention (in days) of logs in Service Bus","description":"The required resource + logs retention period in days"},"defaultValue":"1"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace","description":"Enable or disable the monitoring of Service Bus namespace authorization rules","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Secure transfer to storage accounts should be enabled","description":"Enable or disable - the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Stream Analytics should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Stream Analytics","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit + resource logs retention period in days"},"defaultValue":"1"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit usage of custom RBAC rules","description":"Enable or disable the monitoring of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit unrestricted network access to storage accounts","description":"Enable or - disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace","description":"Enable or disable the monitoring of access rules in Event Hub namespaces","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Authorization @@ -3757,7 +5680,12 @@ interactions: disable the monitoring of access rules in Event Hubs","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverSqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities + on your SQL servers on machine should be remediated","description":"SQL Vulnerability + assessment scans your database for security vulnerabilities, and exposes any + deviations from best practices such as misconfigurations, excessive permissions, + and unprotected sensitive data. Resolving the vulnerabilities found can greatly + improve your database security posture."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive data in your SQL databases should be classified","description":"Enable or disable the monitoring of sensitive data classification in databases."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"A maximum of 3 owners should be designated for your subscription","description":"Enable @@ -3860,11 +5788,11 @@ interactions: use latest Python in Web App","description":"Enable or disable the monitoring of Python version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vnetEnableDDoSProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure DDoS Protection Standard should be enabled","description":"Enable or disable - the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in IoT Hub should be enabled","description":"Enable or disable the monitoring - of diagnostic logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + of resource logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in IoT Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced + resource logs retention period in days"},"defaultValue":"1"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on your SQL servers","description":"Enable or disable the monitoring of SQL servers without Advanced Data Security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on SQL Managed Instance","description":"Enable @@ -3917,7 +5845,7 @@ interactions: Security settings","description":"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management ports should be closed on your virtual machines","description":"Enable or @@ -4116,8 +6044,8 @@ interactions: region failure. Configuring geo-redundant storage for backup is only allowed during server create."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest TLS version should be used in your API App","description":"Upgrade to the - latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic - logs in App Services should be enabled","description":"Audit enabling of diagnostic + latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource + logs in App Services should be enabled","description":"Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Managed identity should be used in your API App","description":"Use a managed identity @@ -4211,7 +6139,283 @@ interactions: should be required in your Web App","description":"Enable FTPS enforcement for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS only should be required in your API App","description":"Enable FTPS enforcement - for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}}},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}}},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}}},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}}},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}}},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: + for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Function + apps should have ''Client Certificates (Incoming client certificates)'' enabled","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients with valid certificates will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption with a customer-managed key","description":"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should use customer-managed keys to encrypt data at rest","description":"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have purge protection enabled","description":"Malicious deletion + of a key vault can lead to permanent data loss. A malicious insider in your + organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have soft delete enabled","description":"Deleting a key vault + without soft delete enabled permanently deletes all secrets, keys, and certificates + stored in the key vault. Accidental deletion of a key vault can lead to permanent + data loss. Soft delete allows you to recover an accidentally deleted key vault + for a configurable retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cache for Redis should reside within a virtual network","description":"Azure + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should use customer-managed key for encryption","description":"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should restrict network access using virtual network rules","description":"Protect + your storage accounts from potential threats using virtual network rules as + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should be encrypted with a customer-managed key","description":"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/acr/CMK."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should not allow unrestricted network access","description":"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn''t have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network.By mapping + private endpoints to your container registries instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/acr/private-link."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"appConfigurationShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"App + Configuration should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your app configuration instances instead of the entire + service, you''ll also be protected against data leakage risks. Learn more + at: https://aka.ms/appconfig/private-endpoint."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid domains should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network.By + mapping private endpoints to your Event Grid domains instead of the entire + service, you''ll also be protected against data leakage risks.Learn more at: + https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid topics should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your topics instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + SignalR Service should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your SignalR resources instead of the entire + service, you''ll also be protected against data leakage risks .Learn more + at: https://aka.ms/asrs/privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should be encrypted with a customer-managed key","description":"Manage + encryption at rest of your Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/azureml-workspaces-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should use private link","description":"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you''ll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Azure Front Door Service + service","description":"Deploy Azure Web Application Firewall (WAF) in front + of public facing web applications for additional inspection of incoming traffic. + Web Application Firewall (WAF) provides centralized protection of your web + applications from common exploits and vulnerabilities such as SQL injections, + Cross-Site Scripting, local and remote file executions. You can also restrict + access to your web applications by countries, IP address ranges, and other + http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Application Gateway","description":"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MariaDB servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MariaDB can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MySQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MySQL can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for MySQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for PostgreSQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for PostgreSQL can only be accessed from a private endpoint. This + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for PostgreSQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"VM + Image Builder templates should use private link","description":"Audit VM Image + Builder templates that do not have a virtual network configured. When a virtual + network is not configured, a public IP is created and used instead which may + directly expose resources to the internet and increase the potential attack + surface."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"firewallShouldBeEnabledOnKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Firewall + should be enabled on Key Vault","description":"Key vault''s firewall prevents + unauthorized traffic from reaching your key vault and provides an additional + layer of protection for your secrets. Enable the firewall to make sure that + only traffic from allowed networks can access your key vault."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint should be configured for Key Vault","description":"Private link provides + a way to connect Key Vault to your Azure resources without sending traffic + over the public internet. Private link provides defense in depth protection + against data exfiltration."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Spring Cloud should use network injection","description":"Azure Spring Cloud + instances should use virtual network injection for the following purposes: + 1. Isolate Azure Spring Cloud from Internet. 2. Enable Azure Spring Cloud + to interact with systems in either on premises data centers or Azure service + in other virtual networks. 3. Empower customers to control inbound and outbound + network communications for Azure Spring Cloud."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect":{"type":"String","metadata":{"displayName":"Subscriptions + should have a contact email address for security issues","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Auto + provisioning of the Log Analytics agent should be enabled on your subscription","description":"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification for high severity alerts should be enabled","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification to subscription owner for high severity alerts should be enabled","description":"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + account should use a private link connection","description":"Private links + enforce secure communication, by providing private connectivity to the storage + account"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect":{"type":"String","metadata":{"displayName":"Authentication + to Linux machines should require SSH keys","description":"Although SSH itself + provides an encrypted connection, using passwords with SSH still leaves the + VM vulnerable to brute-force attacks. The most secure option for authenticating + to an Azure Linux virtual machine over SSH is with a public-private key pair, + also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint connections on Azure SQL Database should be enabled","description":"Private + endpoint connections enforce secure communication by enabling private connectivity + to Azure SQL Database."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access on Azure SQL Database should be disabled","description":"Disabling + the public network access property improves security by ensuring your Azure + SQL Database can only be accessed from a private endpoint. This configuration + denies all logins that match IP or virtual network based firewall rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect":{"type":"String","metadata":{"displayName":"Ensure + API app has Client Certificates Incoming client certificates set to On","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients that have a valid certificate will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect":{"type":"String","metadata":{"displayName":"Kubernetes + clusters should be accessible only over HTTPS","description":"Use of HTTPS + ensures authentication and protects data in transit from network layer eavesdropping + attacks. This capability is currently generally available for Kubernetes Service + (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For + more info, visit https://aka.ms/kubepolicydoc"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + exclusions","description":"List of Kubernetes namespaces to exclude from policy + evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + inclusions","description":"List of Kubernetes namespaces to only include in + policy evaluation. An empty list means the policy is applied to all resources + in all namespaces."},"defaultValue":[]},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + web servers should be configured to use secure communication protocols","description":"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines":{"type":"String","metadata":{"displayName":"Include + Arc connected servers","description":"By selecting this option, you agree + to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum + TLS version","description":"The minimum TLS protocol version that should be + enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"},"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should restrict network access","description":"Network access + to Cognitive Services accounts should be restricted. Configure network rules + so only applications from allowed networks can access the Cognitive Services + account. To allow connections from specific internet or on-premises clients, + access can be granted to traffic from specific Azure virtual networks or to + public internet IP address ranges."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should use customer owned storage or enable data encryption","description":"This + policy audits any Cognitive Services account not using customer owned storage + nor data encryption. For each Cognitive Services account with storage, use + either customer owned storage or enable data encryption."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for Cognitive Services accounts","description":"This + policy audits any Cognitive Services account in your environment with public + network access enabled. Public network access should be disabled so that only + connections from private endpoints are allowed."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption","description":"This policy + audits any Cognitive Services account not using data encryption. For each + Cognitive Services account with storage, should enable data encryption with + either customer managed or Microsoft managed key."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"API + Management services should use a virtual network","description":"Azure Virtual + Network deployment provides enhanced security, isolation and allows you to + place your API Management service in a non-internet routable network that + you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames":{"type":"Array","metadata":{"displayName":"API + Management SKU Names","description":"List of API Management SKUs against which + this policy will be evaluated."},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should have firewall rules","description":"Firewall rules + should be defined on your Azure Cosmos DB accounts to prevent traffic from + unauthorized sources. Accounts that have at least one IP rule defined with + the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"networkWatcherShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Network + Watcher should be enabled","description":"Network Watcher is a regional service + that enables you to monitor and diagnose conditions at a network scenario + level in, to, and from Azure. Scenario level monitoring enables you to diagnose + problems at an end to end network level view. Network diagnostic and visualization + tools available with Network Watcher help you understand, diagnose, and gain + insights to your network in Azure."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkWatcherShouldBeEnabledListOfLocations":{"type":"Array","metadata":{"displayName":"List + of regions where Network Watcher should be enabled","description":"To see + a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"networkWatcherShouldBeEnabledResourceGroupName":{"type":"String","metadata":{"displayName":"Name + of the resource group for Network Watcher","description":"Name of the resource + group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"serverSqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d","parameters":{"effect":{"value":"[parameters(''serverSqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-6"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''appConfigurationShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''azureSignalRServiceShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''firewallShouldBeEnabledOnKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''azureSpringCloudShouldUseNetworkInjectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6","parameters":{"effect":{"value":"[parameters(''authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{"effect":{"value":"[parameters(''privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect'')]"},"excludedNamespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces'')]"},"namespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"effect":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect'')]"},"IncludeArcMachines":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect'')]"},"evaluatedSkuNames":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"effect":{"value":"[parameters(''networkWatcherShouldBeEnabledMonitoringEffect'')]"},"listOfLocations":{"value":"[parameters(''networkWatcherShouldBeEnabledListOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''networkWatcherShouldBeEnabledResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information @@ -4226,7 +6430,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more - information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -4260,7 +6464,7 @@ interactions: An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Endpoint protection solution should be installed on virtual machine scale sets","description":"Enable or disable the monitoring of virtual machine scale sets endpoint protection monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToIncludeWindows":{"type":"Array","metadata":{"displayName":"[Preview]: @@ -4292,10 +6496,10 @@ interactions: or disable the monitoring of the use of HTTPS in Function App v2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: Azure subscriptions should have a log profile for Activity Log","description":"Enable or disable the monitoring of a log profile for Activity Log in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: System updates should be installed on your machines","description":"Enable or disable the monitoring of system updates reporting"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Latest TLS version should be used for App Service","description":"Enable or @@ -4372,28 +6576,28 @@ interactions: or disable the monitoring of the latest TLS version in Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK OFFICIAL and UK NHS","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-blueprint - and https://aka.ms/uknhs-blueprint.","metadata":{"version":"4.0.0","category":"Regulatory + and https://aka.ms/uknhs-blueprint.","metadata":{"version":"6.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2","UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["UK_NCSC_CSP_1"]}],"policyDefinitionGroups":[{"name":"UK_NCSC_CSP_1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_1"},{"name":"UK_NCSC_CSP_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.1"},{"name":"UK_NCSC_CSP_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.2"},{"name":"UK_NCSC_CSP_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.3"},{"name":"UK_NCSC_CSP_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.4"},{"name":"UK_NCSC_CSP_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.5"},{"name":"UK_NCSC_CSP_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.6"},{"name":"UK_NCSC_CSP_3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_3"},{"name":"UK_NCSC_CSP_4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_4"},{"name":"UK_NCSC_CSP_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.1"},{"name":"UK_NCSC_CSP_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.2"},{"name":"UK_NCSC_CSP_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.3"},{"name":"UK_NCSC_CSP_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.4"},{"name":"UK_NCSC_CSP_6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_6"},{"name":"UK_NCSC_CSP_7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_7"},{"name":"UK_NCSC_CSP_8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_8"},{"name":"UK_NCSC_CSP_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.1"},{"name":"UK_NCSC_CSP_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.2"},{"name":"UK_NCSC_CSP_10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_10"},{"name":"UK_NCSC_CSP_11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_11"},{"name":"UK_NCSC_CSP_12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_12"},{"name":"UK_NCSC_CSP_13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_13"},{"name":"UK_NCSC_CSP_14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_14"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: SWIFT CSP-CSCF v2020","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: Connected workspace IDs","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: Members to include","description":"A semicolon-separated list of members that @@ -4405,44 +6609,45 @@ interactions: initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.1.1-deprecated","category":"Guest - Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]: - Azure Security Benchmark","policyType":"BuiltIn","description":"This initiative - includes audit and virtual machine extension deployment policies that address - a subset of Azure Security Benchmark recommendations. Additional policies - will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.","metadata":{"version":"6.1.0-preview","preview":true,"category":"Regulatory - Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v1","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark initiative now represents + the Azure Security Benchmark v2 controls, and serves as the Azure Security + Center default policy initiative. Please assign that initiative, or manage + its policies and compliance results within Azure Security Center.","metadata":{"version":"7.0.2-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc - connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users excluded from Windows VM Administrators group","description":"A semicolon-separated list of members that should be excluded in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that Windows VM Administrators group must *only* include","description":"A semicolon-separated list of all the expected members of the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To - see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Preview]: + see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Deprecated]: NetworkWatcher resource group name","description":"Name of the resource group - of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Preview]: - Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Preview]: + of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: + Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Deprecated]: Network gateway that virtual networks should use","description":"Example: - /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Preview]: + /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Deprecated]: List of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent - should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit - diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: - Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled","description":"Audit + diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Java version","description":"Latest supported Java version for App - Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Windows Python version","description":"Latest supported Python version - for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Linux Python version","description":"Latest supported Python version - for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"760a85ff-6162-42b3-8d70-698e268f648c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b4d66858-c922-44e3-9566-5cdb7a7be744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes + for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes cluster pod security restricted standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), @@ -4459,17 +6664,17 @@ interactions: v3.2.1:2018","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"2.0.0-preview","category":"Regulatory + releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"3.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada Federal PBMM","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"5.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -4478,13 +6683,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["CSSS_AC-4"]},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["CSSS_SC-5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_IA-5"]},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CSSS_CM-7(5)","CSSS_CM-11"]},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CSSS_SC-7(3)","CSSS_SC-7(4)"]},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CSSS_RA-5"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_SC-7"]},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CSSS_CP-7"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_SC-8(1)"]}],"policyDefinitionGroups":[{"name":"CCCS_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-1"},{"name":"CSSS_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2"},{"name":"CCCS_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(1)"},{"name":"CCCS_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(2)"},{"name":"CCCS_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(3)"},{"name":"CCCS_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(4)"},{"name":"CCCS_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(5)"},{"name":"CSSS_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2(7)"},{"name":"CCCS_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(9)"},{"name":"CCCS_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(10)"},{"name":"CCCS_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-3"},{"name":"CSSS_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-4"},{"name":"CCCS_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-4(21)"},{"name":"CSSS_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-5"},{"name":"CSSS_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-6"},{"name":"CCCS_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(1)"},{"name":"CCCS_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(2)"},{"name":"CCCS_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(5)"},{"name":"CCCS_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(9)"},{"name":"CCCS_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(10)"},{"name":"CCCS_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-7"},{"name":"CCCS_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-8"},{"name":"CCCS_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-10"},{"name":"CCCS_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11"},{"name":"CCCS_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11(1)"},{"name":"CCCS_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-12"},{"name":"CCCS_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-14"},{"name":"CCCS_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17"},{"name":"CSSS_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-17(1)"},{"name":"CCCS_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(2)"},{"name":"CCCS_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(3)"},{"name":"CCCS_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(4)"},{"name":"CCCS_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(9)"},{"name":"CCCS_AC-17(100)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(100)"},{"name":"CCCS_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18"},{"name":"CCCS_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(1)"},{"name":"CCCS_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(4)"},{"name":"CCCS_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-19"},{"name":"CCCS_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20"},{"name":"CCCS_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(1)"},{"name":"CCCS_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(2)"},{"name":"CCCS_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-21"},{"name":"CCCS_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-22"},{"name":"CCCS_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-1"},{"name":"CCCS_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2"},{"name":"CCCS_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2(2)"},{"name":"CCCS_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-3"},{"name":"CCCS_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-4"},{"name":"CCCS_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-1"},{"name":"CCCS_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2"},{"name":"CCCS_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2(3)"},{"name":"CSSS_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-3"},{"name":"CCCS_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-3(1)"},{"name":"CSSS_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-5"},{"name":"CCCS_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6"},{"name":"CCCS_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(1)"},{"name":"CCCS_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(3)"},{"name":"CCCS_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7"},{"name":"CCCS_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7(1)"},{"name":"CCCS_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8"},{"name":"CCCS_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8(1)"},{"name":"CCCS_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9"},{"name":"CCCS_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(2)"},{"name":"CCCS_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(4)"},{"name":"CCCS_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-11"},{"name":"CSSS_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-12"},{"name":"CCCS_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-1"},{"name":"CCCS_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2"},{"name":"CCCS_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(1)"},{"name":"CCCS_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(2)"},{"name":"CCCS_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(3)"},{"name":"CCCS_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3"},{"name":"CCCS_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(3)"},{"name":"CCCS_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(5)"},{"name":"CCCS_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-5"},{"name":"CCCS_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-6"},{"name":"CCCS_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7"},{"name":"CCCS_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7(1)"},{"name":"CCCS_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8"},{"name":"CCCS_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8(1)"},{"name":"CCCS_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-9"},{"name":"CCCS_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-1"},{"name":"CCCS_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2"},{"name":"CCCS_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(1)"},{"name":"CCCS_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(2)"},{"name":"CCCS_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(3)"},{"name":"CCCS_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(7)"},{"name":"CCCS_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3"},{"name":"CCCS_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(4)"},{"name":"CCCS_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(6)"},{"name":"CCCS_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-4"},{"name":"CCCS_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5"},{"name":"CCCS_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(1)"},{"name":"CSSS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-7(5)"},{"name":"CCCS_CM-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(6)"},{"name":"CCCS_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6"},{"name":"CCCS_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(1)"},{"name":"CCCS_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(2)"},{"name":"CCCS_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7"},{"name":"CCCS_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(1)"},{"name":"CCCS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(5)"},{"name":"CCCS_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8"},{"name":"CCCS_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(1)"},{"name":"CCCS_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(2)"},{"name":"CCCS_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(3)"},{"name":"CCCS_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(5)"},{"name":"CCCS_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-9"},{"name":"CCCS_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10"},{"name":"CCCS_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10(1)"},{"name":"CSSS_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-11"},{"name":"CCCS_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-1"},{"name":"CCCS_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2"},{"name":"CCCS_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(1)"},{"name":"CCCS_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(2)"},{"name":"CCCS_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(3)"},{"name":"CCCS_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(4)"},{"name":"CCCS_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(5)"},{"name":"CCCS_CP-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(6)"},{"name":"CCCS_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(8)"},{"name":"CCCS_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-3"},{"name":"CCCS_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4"},{"name":"CCCS_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(1)"},{"name":"CCCS_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(2)"},{"name":"CCCS_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6"},{"name":"CCCS_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(1)"},{"name":"CCCS_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(2)"},{"name":"CCCS_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(3)"},{"name":"CSSS_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CP-7"},{"name":"CCCS_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(1)"},{"name":"CCCS_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(2)"},{"name":"CCCS_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(3)"},{"name":"CCCS_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(4)"},{"name":"CCCS_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8"},{"name":"CCCS_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(1)"},{"name":"CCCS_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(2)"},{"name":"CCCS_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(3)"},{"name":"CCCS_CP-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(5)"},{"name":"CCCS_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9"},{"name":"CCCS_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(1)"},{"name":"CCCS_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(2)"},{"name":"CCCS_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(3)"},{"name":"CCCS_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(5)"},{"name":"CCCS_CP-9(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(7)"},{"name":"CCCS_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10"},{"name":"CCCS_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(2)"},{"name":"CCCS_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(4)"},{"name":"CCCS_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-1"},{"name":"CCCS_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2"},{"name":"CSSS_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-2(1)"},{"name":"CCCS_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(3)"},{"name":"CCCS_IA-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(6)"},{"name":"CCCS_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(8)"},{"name":"CCCS_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(11)"},{"name":"CCCS_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-3"},{"name":"CCCS_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4"},{"name":"CCCS_IA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(2)"},{"name":"CCCS_IA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(3)"},{"name":"CCCS_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(4)"},{"name":"CSSS_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5"},{"name":"CSSS_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5(1)"},{"name":"CCCS_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(2)"},{"name":"CCCS_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(3)"},{"name":"CCCS_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(4)"},{"name":"CCCS_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(6)"},{"name":"CCCS_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(7)"},{"name":"CCCS_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(8)"},{"name":"CCCS_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(11)"},{"name":"CCCS_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-6"},{"name":"CCCS_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-7"},{"name":"CCCS_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-8"},{"name":"CCCS_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-1"},{"name":"CCCS_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-2"},{"name":"CCCS_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3"},{"name":"CCCS_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3(2)"},{"name":"CCCS_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4"},{"name":"CCCS_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(1)"},{"name":"CCCS_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(3)"},{"name":"CCCS_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-5"},{"name":"CCCS_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6"},{"name":"CCCS_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6(1)"},{"name":"CCCS_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7"},{"name":"CCCS_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(1)"},{"name":"CCCS_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(2)"},{"name":"CCCS_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-8"},{"name":"CCCS_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9"},{"name":"CCCS_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(1)"},{"name":"CCCS_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(2)"},{"name":"CCCS_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(3)"},{"name":"CCCS_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(4)"},{"name":"CCCS_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-1"},{"name":"CCCS_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-2"},{"name":"CCCS_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3"},{"name":"CCCS_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(1)"},{"name":"CCCS_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(2)"},{"name":"CCCS_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(3)"},{"name":"CCCS_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4"},{"name":"CCCS_MA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(1)"},{"name":"CCCS_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(2)"},{"name":"CCCS_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(3)"},{"name":"CCCS_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(6)"},{"name":"CCCS_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5"},{"name":"CCCS_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5(1)"},{"name":"CCCS_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-6"},{"name":"CCCS_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-1"},{"name":"CCCS_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-2"},{"name":"CCCS_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-3"},{"name":"CCCS_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-4"},{"name":"CCCS_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5"},{"name":"CCCS_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5(4)"},{"name":"CCCS_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6"},{"name":"CCCS_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(1)"},{"name":"CCCS_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(2)"},{"name":"CCCS_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(3)"},{"name":"CCCS_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7"},{"name":"CCCS_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7(1)"},{"name":"CCCS_MP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8"},{"name":"CCCS_MP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8(1)"},{"name":"CCCS_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-1"},{"name":"CCCS_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-2"},{"name":"CCCS_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3"},{"name":"CCCS_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3(1)"},{"name":"CCCS_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-4"},{"name":"CCCS_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-5"},{"name":"CCCS_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6"},{"name":"CCCS_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(1)"},{"name":"CCCS_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(4)"},{"name":"CCCS_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-8"},{"name":"CCCS_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-9"},{"name":"CCCS_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-10"},{"name":"CCCS_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-11"},{"name":"CCCS_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-12"},{"name":"CCCS_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13"},{"name":"CCCS_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(2)"},{"name":"CCCS_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(3)"},{"name":"CCCS_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14"},{"name":"CCCS_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14(2)"},{"name":"CCCS_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-15"},{"name":"CCCS_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-16"},{"name":"CCCS_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-17"},{"name":"CCCS_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-1"},{"name":"CCCS_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2"},{"name":"CCCS_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2(3)"},{"name":"CCCS_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4"},{"name":"CCCS_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4(1)"},{"name":"CCCS_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-8"},{"name":"CCCS_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-1"},{"name":"CCCS_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-2"},{"name":"CCCS_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3"},{"name":"CCCS_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3(3)"},{"name":"CCCS_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-4"},{"name":"CCCS_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-5"},{"name":"CCCS_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-6"},{"name":"CCCS_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-7"},{"name":"CCCS_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-8"},{"name":"CCCS_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-1"},{"name":"CCCS_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-2"},{"name":"CCCS_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-3"},{"name":"CSSS_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_RA-5"},{"name":"CCCS_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(1)"},{"name":"CCCS_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(2)"},{"name":"CCCS_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(3)"},{"name":"CCCS_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(5)"},{"name":"CCCS_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(6)"},{"name":"CCCS_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(8)"},{"name":"CCCS_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-1"},{"name":"CCCS_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-2"},{"name":"CCCS_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-3"},{"name":"CCCS_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4"},{"name":"CCCS_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(1)"},{"name":"CCCS_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(2)"},{"name":"CCCS_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(8)"},{"name":"CCCS_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(9)"},{"name":"CCCS_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-5"},{"name":"CCCS_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-8"},{"name":"CCCS_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9"},{"name":"CCCS_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(1)"},{"name":"CCCS_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(2)"},{"name":"CCCS_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(4)"},{"name":"CCCS_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(5)"},{"name":"CCCS_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10"},{"name":"CCCS_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10(1)"},{"name":"CCCS_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11"},{"name":"CCCS_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(1)"},{"name":"CCCS_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(2)"},{"name":"CCCS_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(8)"},{"name":"CCCS_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-15"},{"name":"CCCS_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-1"},{"name":"CCCS_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-2"},{"name":"CCCS_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-4"},{"name":"CSSS_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-5"},{"name":"CCCS_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-6"},{"name":"CSSS_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7"},{"name":"CSSS_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(3)"},{"name":"CSSS_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(4)"},{"name":"CCCS_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(5)"},{"name":"CCCS_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(7)"},{"name":"CCCS_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(8)"},{"name":"CCCS_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(12)"},{"name":"CCCS_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(13)"},{"name":"CCCS_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(18)"},{"name":"CCCS_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-8"},{"name":"CSSS_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-8(1)"},{"name":"CCCS_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-10"},{"name":"CCCS_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12"},{"name":"CCCS_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(1)"},{"name":"CCCS_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(2)"},{"name":"CCCS_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(3)"},{"name":"CCCS_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-13"},{"name":"CCCS_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-15"},{"name":"CCCS_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-17"},{"name":"CCCS_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18"},{"name":"CCCS_SC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(3)"},{"name":"CCCS_SC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(4)"},{"name":"CCCS_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-19"},{"name":"CCCS_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-20"},{"name":"CCCS_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-21"},{"name":"CCCS_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-22"},{"name":"CCCS_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23"},{"name":"CCCS_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23(1)"},{"name":"CSSS_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-28"},{"name":"CCCS_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-28(1)"},{"name":"CCCS_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-39"},{"name":"CCCS_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-1"},{"name":"CSSS_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-2"},{"name":"CCCS_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(2)"},{"name":"CCCS_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(3)"},{"name":"CSSS_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3"},{"name":"CSSS_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3(1)"},{"name":"CCCS_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(2)"},{"name":"CCCS_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(7)"},{"name":"CSSS_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-4"},{"name":"CCCS_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(1)"},{"name":"CCCS_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(2)"},{"name":"CCCS_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(4)"},{"name":"CCCS_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(5)"},{"name":"CCCS_SI-4(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(7)"},{"name":"CCCS_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(11)"},{"name":"CCCS_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(14)"},{"name":"CCCS_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(16)"},{"name":"CCCS_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(20)"},{"name":"CCCS_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(23)"},{"name":"CCCS_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-5"},{"name":"CCCS_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-6"},{"name":"CCCS_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7"},{"name":"CCCS_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(1)"},{"name":"CCCS_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(7)"},{"name":"CCCS_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8"},{"name":"CCCS_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(1)"},{"name":"CCCS_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(2)"},{"name":"CCCS_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-10"},{"name":"CCCS_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-11"},{"name":"CCCS_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-12"},{"name":"CCCS_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-16"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the remote host connection status does not match the specified one","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the remote @@ -4567,7 +6772,279 @@ interactions: List of VM images that have supported Windows OS to add to scope","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: List of VM images that have supported Linux OS to add to scope","description":"Example - value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Deprecated]: + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + CIS Microsoft Azure Foundations Benchmark 1.3.0","policyType":"BuiltIn","description":"This + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.","metadata":{"version":"1.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auto provisioning of the Log Analytics agent should be + enabled on your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-89099bee-89e0-4b26-a5f4-165451757743":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should be configured with 90 days auditing + retention or higher.","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log checkpoints should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log connections should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disconnections should be logged for PostgreSQL database + servers.","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Connection throttling should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account containing the container with activity + logs must be encrypted with BYOK","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for resource logs","description":"For more + information about resource logs, visit https://aka.ms/resourcelogs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":[]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only approved VM extensions should be installed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"Array","metadata":{"displayName":"[Preview]: + List of virtual machine extensions that are approved for use","description":"A + semicolon-separated list of virtual machine extensions; to see a complete + list of extensions, use the Azure PowerShell command Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-98728c90-32c7-4049-8429-847dc0f4fe37":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secrets should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4ebc54a-46e1-481a-bee2-d4411e95d828":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your API app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your Function app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your web app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CIS_Azure_1.3.0_1.2"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.21"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CIS_Azure_1.3.0_2.1"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CIS_Azure_1.3.0_2.2"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CIS_Azure_1.3.0_2.3"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CIS_Azure_1.3.0_2.4"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CIS_Azure_1.3.0_2.5"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CIS_Azure_1.3.0_2.6"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CIS_Azure_1.3.0_2.7"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CIS_Azure_1.3.0_2.8"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["CIS_Azure_1.3.0_2.11"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CIS_Azure_1.3.0_2.13"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CIS_Azure_1.3.0_2.14"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CIS_Azure_1.3.0_3.1"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CIS_Azure_1.3.0_3.5","CIS_Azure_1.3.0_5.1.3"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CIS_Azure_1.3.0_3.7"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CIS_Azure_1.3.0_3.9"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.1"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.2"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''effect-89099bee-89e0-4b26-a5f4-165451757743'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.3"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.4"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.1"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.2"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.3"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.4"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.5"]},{"policyDefinitionReferenceId":"5345bb39-67dc-4960-a1bf-427e16b9a0bd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{"effect":{"value":"[parameters(''effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.6"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{"effect":{"value":"[parameters(''effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.4"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.1"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.2"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.3"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.4"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.5"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.6"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.7"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.8"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.5","CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.1"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CIS_Azure_1.3.0_6.2"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.5"]},{"policyDefinitionReferenceId":"06a78e20-9358-41c9-923c-fb736d382a4d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["CIS_Azure_1.3.0_7.1"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CIS_Azure_1.3.0_7.2"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CIS_Azure_1.3.0_7.3"]},{"policyDefinitionReferenceId":"c0e996f8-39cf-4af9-9f45-83fbde810432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"effect":{"value":"[parameters(''effect-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"},"approvedExtensions":{"value":"[parameters(''approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"}},"groupNames":["CIS_Azure_1.3.0_7.4"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CIS_Azure_1.3.0_7.5"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CIS_Azure_1.3.0_7.6"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CIS_Azure_1.3.0_8.1"]},{"policyDefinitionReferenceId":"98728c90-32c7-4049-8429-847dc0f4fe37","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''effect-98728c90-32c7-4049-8429-847dc0f4fe37'')]"}},"groupNames":["CIS_Azure_1.3.0_8.2"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CIS_Azure_1.3.0_8.4"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CIS_Azure_1.3.0_8.5"]},{"policyDefinitionReferenceId":"c4ebc54a-46e1-481a-bee2-d4411e95d828","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{"effect":{"value":"[parameters(''effect-c4ebc54a-46e1-481a-bee2-d4411e95d828'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{"effect":{"value":"[parameters(''effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"95bccee9-a7f8-4bec-9ee9-62c3473701fc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{"effect":{"value":"[parameters(''effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CIS_Azure_1.3.0_9.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"0c192fe8-9cbb-4516-85b3-0ade8bd03886","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"eaebaea7-8013-4ceb-9d14-7eb32271373c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.3.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.1"},{"name":"CIS_Azure_1.3.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.2"},{"name":"CIS_Azure_1.3.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.3"},{"name":"CIS_Azure_1.3.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.4"},{"name":"CIS_Azure_1.3.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.5"},{"name":"CIS_Azure_1.3.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.6"},{"name":"CIS_Azure_1.3.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.7"},{"name":"CIS_Azure_1.3.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.8"},{"name":"CIS_Azure_1.3.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.9"},{"name":"CIS_Azure_1.3.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.10"},{"name":"CIS_Azure_1.3.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.11"},{"name":"CIS_Azure_1.3.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.12"},{"name":"CIS_Azure_1.3.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.13"},{"name":"CIS_Azure_1.3.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.14"},{"name":"CIS_Azure_1.3.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.15"},{"name":"CIS_Azure_1.3.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.16"},{"name":"CIS_Azure_1.3.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.17"},{"name":"CIS_Azure_1.3.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.18"},{"name":"CIS_Azure_1.3.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.19"},{"name":"CIS_Azure_1.3.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.20"},{"name":"CIS_Azure_1.3.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.21"},{"name":"CIS_Azure_1.3.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.22"},{"name":"CIS_Azure_1.3.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.23"},{"name":"CIS_Azure_1.3.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.1"},{"name":"CIS_Azure_1.3.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.2"},{"name":"CIS_Azure_1.3.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.3"},{"name":"CIS_Azure_1.3.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.4"},{"name":"CIS_Azure_1.3.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.5"},{"name":"CIS_Azure_1.3.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.6"},{"name":"CIS_Azure_1.3.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.7"},{"name":"CIS_Azure_1.3.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.8"},{"name":"CIS_Azure_1.3.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.9"},{"name":"CIS_Azure_1.3.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.10"},{"name":"CIS_Azure_1.3.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.11"},{"name":"CIS_Azure_1.3.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.12"},{"name":"CIS_Azure_1.3.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.13"},{"name":"CIS_Azure_1.3.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.14"},{"name":"CIS_Azure_1.3.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.15"},{"name":"CIS_Azure_1.3.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.1"},{"name":"CIS_Azure_1.3.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.2"},{"name":"CIS_Azure_1.3.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.3"},{"name":"CIS_Azure_1.3.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.4"},{"name":"CIS_Azure_1.3.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.5"},{"name":"CIS_Azure_1.3.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.6"},{"name":"CIS_Azure_1.3.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.7"},{"name":"CIS_Azure_1.3.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.8"},{"name":"CIS_Azure_1.3.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.9"},{"name":"CIS_Azure_1.3.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.10"},{"name":"CIS_Azure_1.3.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.11"},{"name":"CIS_Azure_1.3.0_4.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.1"},{"name":"CIS_Azure_1.3.0_4.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.2"},{"name":"CIS_Azure_1.3.0_4.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.3"},{"name":"CIS_Azure_1.3.0_4.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.1"},{"name":"CIS_Azure_1.3.0_4.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.2"},{"name":"CIS_Azure_1.3.0_4.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.3"},{"name":"CIS_Azure_1.3.0_4.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.4"},{"name":"CIS_Azure_1.3.0_4.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.5"},{"name":"CIS_Azure_1.3.0_4.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.1"},{"name":"CIS_Azure_1.3.0_4.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.2"},{"name":"CIS_Azure_1.3.0_4.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.3"},{"name":"CIS_Azure_1.3.0_4.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.4"},{"name":"CIS_Azure_1.3.0_4.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.5"},{"name":"CIS_Azure_1.3.0_4.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.6"},{"name":"CIS_Azure_1.3.0_4.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.7"},{"name":"CIS_Azure_1.3.0_4.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.8"},{"name":"CIS_Azure_1.3.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.4"},{"name":"CIS_Azure_1.3.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.5"},{"name":"CIS_Azure_1.3.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.1"},{"name":"CIS_Azure_1.3.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.2"},{"name":"CIS_Azure_1.3.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.3"},{"name":"CIS_Azure_1.3.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.4"},{"name":"CIS_Azure_1.3.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.5"},{"name":"CIS_Azure_1.3.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.1"},{"name":"CIS_Azure_1.3.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.2"},{"name":"CIS_Azure_1.3.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.3"},{"name":"CIS_Azure_1.3.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.4"},{"name":"CIS_Azure_1.3.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.5"},{"name":"CIS_Azure_1.3.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.6"},{"name":"CIS_Azure_1.3.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.7"},{"name":"CIS_Azure_1.3.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.8"},{"name":"CIS_Azure_1.3.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.9"},{"name":"CIS_Azure_1.3.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.3"},{"name":"CIS_Azure_1.3.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.1"},{"name":"CIS_Azure_1.3.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.2"},{"name":"CIS_Azure_1.3.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.3"},{"name":"CIS_Azure_1.3.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.4"},{"name":"CIS_Azure_1.3.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.5"},{"name":"CIS_Azure_1.3.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.6"},{"name":"CIS_Azure_1.3.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.1"},{"name":"CIS_Azure_1.3.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.2"},{"name":"CIS_Azure_1.3.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.3"},{"name":"CIS_Azure_1.3.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.4"},{"name":"CIS_Azure_1.3.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.5"},{"name":"CIS_Azure_1.3.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.6"},{"name":"CIS_Azure_1.3.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.7"},{"name":"CIS_Azure_1.3.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.1"},{"name":"CIS_Azure_1.3.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.2"},{"name":"CIS_Azure_1.3.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.3"},{"name":"CIS_Azure_1.3.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.4"},{"name":"CIS_Azure_1.3.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.5"},{"name":"CIS_Azure_1.3.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.1"},{"name":"CIS_Azure_1.3.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.2"},{"name":"CIS_Azure_1.3.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.3"},{"name":"CIS_Azure_1.3.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.4"},{"name":"CIS_Azure_1.3.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.5"},{"name":"CIS_Azure_1.3.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.6"},{"name":"CIS_Azure_1.3.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.7"},{"name":"CIS_Azure_1.3.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.8"},{"name":"CIS_Azure_1.3.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.9"},{"name":"CIS_Azure_1.3.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.10"},{"name":"CIS_Azure_1.3.0_9.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.11"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/612b5213-9160-4969-8578-1518bd2a000c","type":"Microsoft.Authorization/policySetDefinitions","name":"612b5213-9160-4969-8578-1518bd2a000c"},{"properties":{"displayName":"Flow + logs should be configured and enabled for every network security group","policyType":"BuiltIn","description":"Audit + for network security groups to verify if flow logs are configured and if flow + log status is enabled. Enabling flow logs allows to log information about + IP traffic flowing through network security group. It can be used for optimizing + network flows, monitoring throughput, verifying compliance, detecting intrusions + and more.","metadata":{"version":"1.0.0","category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"NetworkSecurityGroup_FlowLog_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"NetworkWatcherFlowLog_Enabled_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]}],"policyDefinitionGroups":[]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/62329546-775b-4a3d-a4cb-eb4bb990d2c0","type":"Microsoft.Authorization/policySetDefinitions","name":"62329546-775b-4a3d-a4cb-eb4bb990d2c0"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest @@ -4592,13 +7069,13 @@ interactions: 27001:2013","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/iso27001-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/iso27001-init.","metadata":{"version":"4.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: + of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["ISO27001-2013_A.12.5.1","ISO27001-2013_A.12.6.2"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["ISO27001-2013_A.8.2.1","ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]}],"policyDefinitionGroups":[{"name":"ISO27001-2013_A.5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.1"},{"name":"ISO27001-2013_A.5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.2"},{"name":"ISO27001-2013_A.6.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.1"},{"name":"ISO27001-2013_A.6.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.2"},{"name":"ISO27001-2013_A.6.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.3"},{"name":"ISO27001-2013_A.6.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.4"},{"name":"ISO27001-2013_A.6.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.5"},{"name":"ISO27001-2013_A.6.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.1"},{"name":"ISO27001-2013_A.6.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.2"},{"name":"ISO27001-2013_A.7.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.1"},{"name":"ISO27001-2013_A.7.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.2"},{"name":"ISO27001-2013_A.7.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.1"},{"name":"ISO27001-2013_A.7.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.2"},{"name":"ISO27001-2013_A.7.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.3"},{"name":"ISO27001-2013_A.7.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.3.1"},{"name":"ISO27001-2013_A.8.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.1"},{"name":"ISO27001-2013_A.8.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.2"},{"name":"ISO27001-2013_A.8.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.3"},{"name":"ISO27001-2013_A.8.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.4"},{"name":"ISO27001-2013_A.8.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.1"},{"name":"ISO27001-2013_A.8.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.2"},{"name":"ISO27001-2013_A.8.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.3"},{"name":"ISO27001-2013_A.8.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.1"},{"name":"ISO27001-2013_A.8.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.2"},{"name":"ISO27001-2013_A.8.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.3"},{"name":"ISO27001-2013_A.9.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.1"},{"name":"ISO27001-2013_A.9.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.2"},{"name":"ISO27001-2013_A.9.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.1"},{"name":"ISO27001-2013_A.9.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.2"},{"name":"ISO27001-2013_A.9.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.3"},{"name":"ISO27001-2013_A.9.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.4"},{"name":"ISO27001-2013_A.9.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.5"},{"name":"ISO27001-2013_A.9.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.6"},{"name":"ISO27001-2013_A.9.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.3.1"},{"name":"ISO27001-2013_A.9.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.1"},{"name":"ISO27001-2013_A.9.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.2"},{"name":"ISO27001-2013_A.9.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.3"},{"name":"ISO27001-2013_A.9.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.4"},{"name":"ISO27001-2013_A.9.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.5"},{"name":"ISO27001-2013_A.10.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.1"},{"name":"ISO27001-2013_A.10.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.2"},{"name":"ISO27001-2013_A.11.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.1"},{"name":"ISO27001-2013_A.11.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.2"},{"name":"ISO27001-2013_A.11.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.3"},{"name":"ISO27001-2013_A.11.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.4"},{"name":"ISO27001-2013_A.11.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.5"},{"name":"ISO27001-2013_A.11.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.6"},{"name":"ISO27001-2013_A.11.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.1"},{"name":"ISO27001-2013_A.11.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.2"},{"name":"ISO27001-2013_A.11.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.3"},{"name":"ISO27001-2013_A.11.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.4"},{"name":"ISO27001-2013_A.11.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.5"},{"name":"ISO27001-2013_A.11.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.6"},{"name":"ISO27001-2013_A.11.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.7"},{"name":"ISO27001-2013_A.11.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.8"},{"name":"ISO27001-2013_A.11.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.9"},{"name":"ISO27001-2013_A.12.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.1"},{"name":"ISO27001-2013_A.12.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.2"},{"name":"ISO27001-2013_A.12.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.3"},{"name":"ISO27001-2013_A.12.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.4"},{"name":"ISO27001-2013_A.12.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.2.1"},{"name":"ISO27001-2013_A.12.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.3.1"},{"name":"ISO27001-2013_A.12.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.1"},{"name":"ISO27001-2013_A.12.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.2"},{"name":"ISO27001-2013_A.12.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.3"},{"name":"ISO27001-2013_A.12.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.4"},{"name":"ISO27001-2013_A.12.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.5.1"},{"name":"ISO27001-2013_A.12.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.1"},{"name":"ISO27001-2013_A.12.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.2"},{"name":"ISO27001-2013_A.12.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.7.1"},{"name":"ISO27001-2013_A.13.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.1"},{"name":"ISO27001-2013_A.13.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.2"},{"name":"ISO27001-2013_A.13.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.3"},{"name":"ISO27001-2013_A.13.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.1"},{"name":"ISO27001-2013_A.13.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.2"},{"name":"ISO27001-2013_A.13.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.3"},{"name":"ISO27001-2013_A.13.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.4"},{"name":"ISO27001-2013_A.14.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.1"},{"name":"ISO27001-2013_A.14.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.2"},{"name":"ISO27001-2013_A.14.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.3"},{"name":"ISO27001-2013_A.14.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.1"},{"name":"ISO27001-2013_A.14.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.2"},{"name":"ISO27001-2013_A.14.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.3"},{"name":"ISO27001-2013_A.14.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.4"},{"name":"ISO27001-2013_A.14.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.5"},{"name":"ISO27001-2013_A.14.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.6"},{"name":"ISO27001-2013_A.14.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.7"},{"name":"ISO27001-2013_A.14.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.8"},{"name":"ISO27001-2013_A.14.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.9"},{"name":"ISO27001-2013_A.14.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.3.1"},{"name":"ISO27001-2013_A.15.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.1"},{"name":"ISO27001-2013_A.15.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.2"},{"name":"ISO27001-2013_A.15.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.3"},{"name":"ISO27001-2013_A.15.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.1"},{"name":"ISO27001-2013_A.15.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.2"},{"name":"ISO27001-2013_A.16.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.1"},{"name":"ISO27001-2013_A.16.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.2"},{"name":"ISO27001-2013_A.16.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.3"},{"name":"ISO27001-2013_A.16.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.4"},{"name":"ISO27001-2013_A.16.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.5"},{"name":"ISO27001-2013_A.16.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.6"},{"name":"ISO27001-2013_A.16.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.7"},{"name":"ISO27001-2013_A.17.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.1"},{"name":"ISO27001-2013_A.17.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.2"},{"name":"ISO27001-2013_A.17.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.3"},{"name":"ISO27001-2013_A.17.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.2.1"},{"name":"ISO27001-2013_A.18.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.1"},{"name":"ISO27001-2013_A.18.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.2"},{"name":"ISO27001-2013_A.18.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.3"},{"name":"ISO27001-2013_A.18.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.4"},{"name":"ISO27001-2013_A.18.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.5"},{"name":"ISO27001-2013_A.18.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.1"},{"name":"ISO27001-2013_A.18.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.2"},{"name":"ISO27001-2013_A.18.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: Audit Windows web servers that are not using secure communication protocols","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For @@ -4610,7 +7087,7 @@ interactions: DOD Impact Level 4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of DOD Impact Level 4 (IL4) controls. Additional policies will be - added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"5.0.0-deprecated","category":"Regulatory + added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"6.0.1-deprecated","category":"Regulatory Compliance","deprecated":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -4626,7 +7103,7 @@ interactions: local group; Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) of the Log Analytics workspace where VMs agents should report"}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Deprecated]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Vulnerability assessment should be enabled on SQL Managed @@ -4649,7 +7126,7 @@ interactions: Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: - Adaptive Network Hardening recommendations should be applied on internet facing + Adaptive network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Web Application should only be accessible over HTTPS","description":"Azure @@ -4687,7 +7164,7 @@ interactions: more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"Azure Policy effect for this policy; for more - information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and ''Running''. For more @@ -4700,7 +7177,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -4729,10 +7206,10 @@ interactions: required metric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Audit unrestricted network access to storage accounts","description":"Enable or disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Logic Apps should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: - Required retention (in days) of diagnostic logs in Logic Apps workflows","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Logic Apps should be enabled","description":"Enable or disable + the monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention (in days) of resource logs in Logic Apps workflows","description":"The + required resource logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable or disable monitoring of virtual machine scale sets OS vulnerabilities "},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"[Preview]: @@ -4745,7 +7222,10 @@ interactions: must enable this policy setting."},"defaultValue":"1"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"[Preview]: + A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable + or disable the detection of virtual machine vulnerabilities by Azure Security + Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: Users or groups that may access this computer from the network","description":"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."},"defaultValue":"Administrators, @@ -4887,8 +7367,8 @@ interactions: of Service Bus namespace authorization rules"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services","description":"Enable or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Search services should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Search services should be enabled","description":"Enable + or disable the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Digitally sign communications (always)","description":"Specifies whether packet signing is required by the SMB client component."},"defaultValue":"1"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Send unencrypted password to third-party SMB servers","description":"Specifies @@ -4965,7 +7445,7 @@ interactions: or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.","metadata":{"version":"1.0.0-preview","category":"Security @@ -4980,10 +7460,17 @@ interactions: starting with Windows 10/Windows Server with update 1709. Setting this value to ''Non-Compliant'' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. - Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This + Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"[Preview]: + Deploy - Configure prerequisites to enable Azure Monitor and Azure Security + agents on virtual machines","policyType":"BuiltIn","description":"Configure + machines to automatically install the Azure Monitor and Azure Security agents. + Security Center collects events from the agents and uses them to provide security + alerts and tailored hardening tasks (recommendations). Create a resource group + and Log Analytics workspace in the same region as the machine to store audit + records. This policy only applies to VMs in a few regions.","metadata":{"category":"Monitoring","version":"1.0.0-preview","preview":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityLinuxAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityWindowsAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a15f3269-2e10-458c-87a4-d5989e678a73","type":"Microsoft.Authorization/policySetDefinitions","name":"a15f3269-2e10-458c-87a4-d5989e678a73"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will - be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"4.1.0","category":"Regulatory + be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"5.1.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -5008,7 +7495,7 @@ interactions: of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"},"defaultValue":""},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","description":"Audit + of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToInclude":{"type":"String","metadata":{"displayName":"List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators @@ -5023,29 +7510,29 @@ interactions: Name","description":"Administrative Operation name for which activity log alert should be configured"},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":"Microsoft.Sql/servers/firewallRules/write"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual network where VMs should be connected","description":"Resource Id of the virtual - network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL + resource logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL Managed Instance TDE protector should be encrypted with your own key","description":"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk encryption should be applied on virtual machines","description":"Enable or - disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + resource logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable insecure guest logons","description":"Specifies whether the SMB client will allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow simultaneous connections to the Internet or a Windows Domain","description":"Specify @@ -5103,15 +7590,15 @@ interactions: ports should be closed on your virtual machines","description":"Enable or disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable - or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + resource logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates on virtual machine scale sets should be installed","description":"Enable - or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates should be installed on your machines","description":"Enable or disable reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts: Guest account status","description":"Specifies whether the local Guest account @@ -5197,8 +7684,7 @@ interactions: Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."},"defaultValue":"1"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect + retention period (days) for resource logs"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Only secure connections to your Redis Cache should be enabled]","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Secure transfer to storage accounts should be enabled]","description":"Azure @@ -5266,7 +7752,7 @@ interactions: Detect application installations and prompt for elevation","description":"Specifies the behavior of application installation detection for the computer."},"defaultValue":"1"},"uacRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC: Run all administrators in Admin Approval Mode","description":"Specifies the - behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0712.10m2Organizational.4-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes + behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInManagedHsmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"managedHsmObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes cluster pod security baseline standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), @@ -5299,28 +7785,628 @@ interactions: Configuration","deprecated":true},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"[Deprecated]: Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Deprecated]: - Audit Windows VMs that contain certificates expiring within the specified - number of days","policyType":"BuiltIn","description":"This initiative deploys - the policy requirements and audits Windows virtual machines that contain certificates - expiring within the specified number of days. For more information on Guest - Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.0.0-deprecated","category":"Guest - Configuration","deprecated":true},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"[Deprecated]: - Certificate store path","description":"The path to the certificate store containing - the certificates to check the expiration dates of. Default value is ''Cert:'' - which is the root certificate store path, so all certificates on the machine - will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'', - ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"[Deprecated]: - Expiration limit in days","description":"An integer indicating the number - of days within which to check for certificates that are expiring. For example, - if this value is 30, any certificate expiring within the next 30 days will - cause this policy to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"[Deprecated]: - Certificate thumbprints to include","description":"A semicolon-separated list - of certificate thumbprints to check under the specified path. If a value is - not specified, all certificates under the certificate store path will be checked. - If a value is specified, no certificates other than those with the thumbprints - specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"[Deprecated]: - Certificate thumbprints to exclude","description":"A semicolon-separated list + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]: + CMMC Level 3","policyType":"BuiltIn","description":"This initiative includes + policies that address a subset of Cybersecurity Maturity Model Certification + (CMMC) Level 3 requirements. Additional policies will be added in upcoming + releases. For more information, visit https://aka.ms/cmmc-initiative.","metadata":{"version":"3.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating guest configuration policies","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine; + for more information, visit https://aka.ms/policy-pricing"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2","deprecated":true},"defaultValue":"Administrator"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network Security: Configure encryption types allowed for Kerberos","description":"Specifies + the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LAN Manager authentication level","description":"Specify + which challenge-response authentication protocol is used for network logons. + This choice affects the level of authentication protocol used by clients, + the level of session security negotiated, and the level of authentication + accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LDAP client signing requirements","description":"Specify + the level of data signing that is requested on behalf of clients that issue + LDAP BIND requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) clients","description":"Specifies which behaviors are allowed by clients + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers + for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) servers","description":"Specifies which behaviors are allowed by servers + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"},"effect-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Security''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not restrict the minimum + password length to 14 characters","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope + when auditing Log Analytics agent deployment","description":"Example value: + ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope when + auditing Log Analytics agent deployment","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that allow re-use of the previous + 24 passwords","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not have the password complexity + setting enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-da0f98fe-a24b-4ad5-af69-bd0400233661":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not store passwords using + reversible encryption","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9daedab3-fb2d-461e-b861-71790eead4f6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All network ports should be restricted on network security + groups associated to your virtual machine","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-a70ca396-0a34-413a-88e1-b956c1e683be":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on virtual + machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-b4d66858-c922-44e3-9566-5cdb7a7be744":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A security contact phone number should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"Audit + if Network Watcher is not enabled for region(s).","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource + group where the Network Watchers are located."},"defaultValue":"NetworkWatcherRG"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-efbde977-ba53-4479-b8e9-10b957924fbf":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on Virtual + Machine Scale Sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e6955644-301c-44b5-a4c4-528577de6861":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that do not have the passwd file permissions + set to 0644","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Security Operation name for which activity + log alert should exist","deprecated":true},"allowedValues":["Microsoft.Security/policies/write","Microsoft.Security/securitySolutions/write","Microsoft.Security/securitySolutions/delete"],"defaultValue":[]},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-361c2074-3595-4e5d-8cab-4f21dffc835c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection on Storage Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-b5f04e03-92a3-4b09-9410-2cc5e5047656":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection for Cosmos DB Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a1181c5f-672a-477a-979a-7d58aa086233":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Security Center standard pricing tier should be selected","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0fea8f8a-4169-495d-8307-30ec335f387d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every domain to access your API for + FHIR","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths","description":"Specifies + which registry paths will be accessible over the network, regardless of the + users or groups listed in the access control list (ACL) of the `winreg` registry + key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server + Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths and sub-paths","description":"Specifies + which registry paths and sub-paths will be accessible over the network, regardless + of the users or groups listed in the access control list (ACL) of the `winreg` + registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP + Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows + NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal + Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal + Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Shares that can be accessed anonymously","description":"Specifies + which network shares can be accessed by anonymous users. The default configuration + for this policy setting has little effect because all users have to be authenticated + before they can access shared resources on the server."},"defaultValue":"0"},"effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Access''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + flexible servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c9299215-ae47-4f50-9c54-8a392f68a052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL flexible + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed host paths for pod hostPath volumes to use","description":"The host + paths allowed for pod hostPath volumes to use. Provide an empty paths list + to block all host paths."},"defaultValue":["{\"paths\":[]}"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network otherwise false."},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum value in the allowable host port range that pods can use in the host + network namespace","description":"The minimum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Maximum value in the allowable host port range that pods can use in the host + network namespace","description":"The maximum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Admin Approval Mode for the Built-in Administrator account","description":"Specifies + the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Behavior of the elevation prompt for administrators in Admin Approval + Mode","description":"Specifies the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Detect application installations and prompt for elevation","description":"Specifies + the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Run all administrators in Admin Approval Mode","description":"Specifies + the behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"},"effect-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - User Account Control''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which remote + users on the network are permitted to connect to the computer. This does not + include Remote Desktop Connection."},"defaultValue":"Administrators, Authenticated + Users"},"UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which users + or groups can interactively log on to the computer. Users who attempt to log + on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Remote Desktop Users","description":"Users or groups that may log on through + Remote Desktop Services"},"defaultValue":"Administrators"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied access to this computer from the network","description":"Specifies + which users or groups are explicitly prohibited from connecting to the computer + across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may manage auditing and security log","description":"Specifies + users and groups permitted to change the auditing options for files and directories + and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may back up files and directories","description":"Specifies + users and groups allowed to circumvent file and directory permissions to back + up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the system time","description":"Specifies + which users and groups are permitted to change the time and date on the internal + clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the time zone","description":"Specifies which + users and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators, + LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may create a token object","description":"Specifies which + users and groups are permitted to create an access token, which may provide + elevated rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a batch job","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a service","description":"Specifies + which service accounts are explicitly not permitted to register a process + as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied local logon","description":"Specifies which + users and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied log on through Remote Desktop Services","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + User and groups that may force shutdown from a remote system","description":"Specifies + which users and groups are permitted to shut down the computer from a remote + location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may restore files and directories","description":"Specifies + which users and groups are permitted to bypass file, directory, registry, + and other persistent object permissions when restoring backed up files and + directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may shut down the system","description":"Specifies which + users and groups who are logged on locally to the computers in your environment + are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may take ownership of files or other objects","description":"Specifies + which users and groups are permitted to take ownership of files, folders, + registry keys, processes, or threads. This user right bypasses any permissions + that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"},"effect-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''User Rights + Assignment''","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-87845465-c458-45f3-af66-dcd62176f397":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Privilege Use''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations","description":"For more information about effects, visit https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"operationName-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Administrative Operation name for which activity + log alert should be configured","deprecated":true},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":[]},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Virtual machines should have the Guest Configuration extension","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Guest Configuration extension should be deployed to Azure + virtual machines with system assigned managed identity","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor log profile should collect logs for categories + ''write,'' ''delete,'' and ''action''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Policy Operation name for which activity log + alert should exist","deprecated":true},"allowedValues":["Microsoft.Authorization/policyAssignments/write","Microsoft.Authorization/policyAssignments/delete"],"defaultValue":[]},"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor should collect activity logs from all regions","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"TimeZone-c633f6a2-7f8b-4d9e-9456-02f0f04f5505":{"type":"String","metadata":{"displayName":"[Preview]: + Time zone","description":"The expected time zone","deprecated":true},"allowedValues":[],"defaultValue":[]},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bb91dfba-c30d-4263-9add-9c2384e659a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Non-internet-facing virtual machines should be protected + with network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed key types","description":"The list of allowed key types"},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM","EC","EC-HSM"]},"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should be the specified cryptographic type RSA or + EC","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size for keys","description":"The minimum key size for RSA + keys."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using RSA cryptography should have a specified minimum + key size","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size certificates","description":"The minimum key size for + RSA certificates."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-cee51871-e572-4576-855c-047c820360f0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Certificates using RSA cryptography should have the specified + minimum key size","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed elliptic curve names","description":"The list of allowed curve names + for elliptic curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using elliptic curve cryptography should have the + specified curve names","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-24fba194-95d6-48c0-aea7-f65bf859c598":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for PostgreSQL servers","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3a58212a-c829-4f13-9872-6371df2fd0b4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for MySQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should have infrastructure encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Box jobs should enable double encryption for + data at rest on the device","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"Array","metadata":{"displayName":"[Preview]: + Azure Data Box SKUs that support software-based double encryption","description":"The + list of Azure Data Box SKUs that support software-based double encryption"},"allowedValues":["DataBox","DataBoxHeavy"],"defaultValue":["DataBox","DataBoxHeavy"]},"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Double encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-051cba44-2429-45b9-9649-46cec11c7119":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure API for FHIR should use a customer-managed key to + encrypt data at rest","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Both operating systems and data disks in Azure Kubernetes + Service clusters should be encrypted by customer-managed keys","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Stream Analytics jobs should use customer-managed + keys to encrypt data","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-f7d52b2d-e161-4dfa-a82b-55e564167385":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Synapse workspaces should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft Antimalware for Azure should be configured to + automatically update protection signatures","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-123a3936-f020-408a-ba0c-47873faf1534":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Allowlist rules in your adaptive application control policy + should be updated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Linux machines should meet requirements for the Azure security + baseline","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authentication Policy Change","description":"Specifies whether audit + events are generated when changes are made to authentication policy. This + setting is useful for tracking changes in domain-level and forest-level trust + and privileges that are granted to user accounts or groups."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authorization Policy Change","description":"Specifies whether audit + events are generated for assignment and removal of user rights in user right + policies, changes in security token object permission, resource attributes + changes and Central Access Policy changes for file system objects."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Policy Change''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["CMMC_L3_AC.3.017"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"0b15565f-aa9e-48ba-8619-45960f2c314d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84'')]"},"effect":{"value":"[parameters(''effect-1221c620-d201-468c-81e7-2817e6107e84'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.2.064","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a2d0e922-65d0-40c4-8f87-ea6da2d307a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_SI.1.211"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183","CMMC_L3_SC.3.185","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.061","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068","CMMC_L3_CM.3.069"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["CMMC_L3_AC.1.001"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"5b054a0d-39e2-4d53-bea3-9734cad2c69b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b'')]"}},"groupNames":["CMMC_L3_IA.2.079"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"bf16e0bb-31e1-4646-8202-60a235cc7e74","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-bf16e0bb-31e1-4646-8202-60a235cc7e74'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048","CMMC_L3_AU.3.049"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"da0f98fe-a24b-4ad5-af69-bd0400233661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-da0f98fe-a24b-4ad5-af69-bd0400233661'')]"}},"groupNames":["CMMC_L3_IA.2.081","CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9daedab3-fb2d-461e-b861-71790eead4f6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''effect-9daedab3-fb2d-461e-b861-71790eead4f6'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{"effect":{"value":"[parameters(''effect-a70ca396-0a34-413a-88e1-b956c1e683be'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_IR.2.093","CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CMMC_L3_AC.2.013","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{"effect":{"value":"[parameters(''effect-efbde977-ba53-4479-b8e9-10b957924fbf'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e6955644-301c-44b5-a4c4-528577de6861","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-e6955644-301c-44b5-a4c4-528577de6861'')]"}},"groupNames":["CMMC_L3_IA.1.077"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.065","CMMC_L3_IR.2.093","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"c251913d-7d24-4958-af87-478ed3b9ba41","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"361c2074-3595-4e5d-8cab-4f21dffc835c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","parameters":{"effect":{"value":"[parameters(''effect-361c2074-3595-4e5d-8cab-4f21dffc835c'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"b5f04e03-92a3-4b09-9410-2cc5e5047656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","parameters":{"effect":{"value":"[parameters(''effect-b5f04e03-92a3-4b09-9410-2cc5e5047656'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"a1181c5f-672a-477a-979a-7d58aa086233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{"effect":{"value":"[parameters(''effect-a1181c5f-672a-477a-979a-7d58aa086233'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SC.3.187","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.2.179","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"037eea7a-bd0a-46c5-9a66-03aea78705d3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0725b4dd-7e76-479c-a735-68e7ee23d5ca","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0fea8f8a-4169-495d-8307-30ec335f387d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d","parameters":{"effect":{"value":"[parameters(''effect-0fea8f8a-4169-495d-8307-30ec335f387d'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"effect":{"value":"[parameters(''effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","parameters":{"effect":{"value":"[parameters(''effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.016","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"b52376f7-9612-48a1-81cd-1ffe4b61032c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9299215-ae47-4f50-9c54-8a392f68a052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052","parameters":{"effect":{"value":"[parameters(''effect-c9299215-ae47-4f50-9c54-8a392f68a052'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d0793b48-0edc-4296-a390-4c75d1bdfd71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d9844e8a-1437-4aeb-a32c-0c992f056095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003","CMMC_L3_AC.2.015","CMMC_L3_AC.2.016"]},{"policyDefinitionReferenceId":"fdccbe47-f3e3-4213-ad5d-ea459b2fa077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"82985f06-dc18-4a48-bc1c-b9f4f0098cfe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"namespaces":{"value":"[parameters(''namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"55615ac9-af46-4a59-874e-391cc3dfb490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"492a29ed-d143-4f03-b6a4-705ce081b463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"effect":{"value":"[parameters(''effect-492a29ed-d143-4f03-b6a4-705ce081b463'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021","CMMC_L3_CM.2.063"]},{"policyDefinitionReferenceId":"e068b215-0026-4354-b347-8fb2766f73a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"effect":{"value":"[parameters(''effect-e068b215-0026-4354-b347-8fb2766f73a2'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"87845465-c458-45f3-af66-dcd62176f397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-87845465-c458-45f3-af66-dcd62176f397'')]"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["CMMC_L3_AC.3.018"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"ae89ebca-1c92-4898-ac2c-9f63decb045c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''effect-ae89ebca-1c92-4898-ac2c-9f63decb045c'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"d26f7642-7545-4e18-9b75-8c9bbdee3a9a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{"effect":{"value":"[parameters(''effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.049","CMMC_L3_CM.2.061","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{"effect":{"value":"[parameters(''effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["CMMC_L3_AU.2.042","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"5f0f936f-2f01-4bf5-b6be-d423792fa562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"bb91dfba-c30d-4263-9add-9c2384e659a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''effect-bb91dfba-c30d-4263-9add-9c2384e659a6'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.176","CMMC_L3_SC.3.180","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"75c4f823-d65c-4f29-a733-01d0077fdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb","parameters":{"allowedKeyTypes":{"value":"[parameters(''allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"},"effect":{"value":"[parameters(''effect-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"82067dbb-e53b-4e06-b631-546d197452d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9'')]"},"effect":{"value":"[parameters(''effect-82067dbb-e53b-4e06-b631-546d197452d9'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"cee51871-e572-4576-855c-047c820360f0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0'')]"},"effect":{"value":"[parameters(''effect-cee51871-e572-4576-855c-047c820360f0'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"ff25f3c8-b739-4538-9d07-3d6d25cfb255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255","parameters":{"allowedECNames":{"value":"[parameters(''allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"},"effect":{"value":"[parameters(''effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"24fba194-95d6-48c0-aea7-f65bf859c598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598","parameters":{"effect":{"value":"[parameters(''effect-24fba194-95d6-48c0-aea7-f65bf859c598'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"2bdd0062-9d75-436e-89df-487dd8e4b3c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3a58212a-c829-4f13-9872-6371df2fd0b4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4","parameters":{"effect":{"value":"[parameters(''effect-3a58212a-c829-4f13-9872-6371df2fd0b4'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"4733ea7b-a883-42fe-8cac-97454c2a9e4a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a","parameters":{"effect":{"value":"[parameters(''effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"67121cc7-ff39-4ab8-b7e3-95b84dab487d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"81e74cea-30fd-40d5-802f-d72103c2aaaa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa","parameters":{"effect":{"value":"[parameters(''effect-81e74cea-30fd-40d5-802f-d72103c2aaaa'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"a7ff3161-0087-490a-9ad9-ad6217f4f43a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"c349d81b-9985-44ae-a8da-ff98d108ede8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8","parameters":{"effect":{"value":"[parameters(''effect-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"},"supportedSKUs":{"value":"[parameters(''supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"f4b53539-8df9-40e4-86c6-6b607703bd4e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e","parameters":{"effect":{"value":"[parameters(''effect-f4b53539-8df9-40e4-86c6-6b607703bd4e'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","parameters":{"effect":{"value":"[parameters(''effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"051cba44-2429-45b9-9649-46cec11c7119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119","parameters":{"effect":{"value":"[parameters(''effect-051cba44-2429-45b9-9649-46cec11c7119'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"7d7be79c-23ba-4033-84dd-45e2a5ccdd67","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67","parameters":{"effect":{"value":"[parameters(''effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"87ba29ef-1ab3-4d82-b763-87fcd4f531f7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7","parameters":{"effect":{"value":"[parameters(''effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"f7d52b2d-e161-4dfa-a82b-55e564167385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385","parameters":{"effect":{"value":"[parameters(''effect-f7d52b2d-e161-4dfa-a82b-55e564167385'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{"effect":{"value":"[parameters(''effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57'')]"}},"groupNames":["CMMC_L3_SI.1.210","CMMC_L3_SI.1.211","CMMC_L3_SI.1.212","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"123a3936-f020-408a-ba0c-47873faf1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''effect-123a3936-f020-408a-ba0c-47873faf1534'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"fc9b3da7-8347-4380-8e70-0a0361d8dedd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd'')]"}},"groupNames":["CMMC_L3_CM.2.061"]},{"policyDefinitionReferenceId":"2a7a701e-dff3-4da9-9ec5-42cb98594c0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"effect":{"value":"[parameters(''effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"}},"groupNames":["CMMC_L3_CM.2.065"]}],"policyDefinitionGroups":[{"name":"CMMC_L3_AC.1.001","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.001"},{"name":"CMMC_L3_AC.1.002","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.002"},{"name":"CMMC_L3_AC.1.003","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.003"},{"name":"CMMC_L3_AC.1.004","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.004"},{"name":"CMMC_L3_AC.2.005","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.005"},{"name":"CMMC_L3_AC.2.006","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.006"},{"name":"CMMC_L3_AC.2.007","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.007"},{"name":"CMMC_L3_AC.2.008","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.008"},{"name":"CMMC_L3_AC.2.009","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.009"},{"name":"CMMC_L3_AC.2.010","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.010"},{"name":"CMMC_L3_AC.2.011","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.011"},{"name":"CMMC_L3_AC.2.013","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.013"},{"name":"CMMC_L3_AC.2.015","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.015"},{"name":"CMMC_L3_AC.2.016","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.016"},{"name":"CMMC_L3_AC.3.012","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.012"},{"name":"CMMC_L3_AC.3.014","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.014"},{"name":"CMMC_L3_AC.3.017","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.017"},{"name":"CMMC_L3_AC.3.018","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.018"},{"name":"CMMC_L3_AC.3.019","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.019"},{"name":"CMMC_L3_AC.3.020","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.020"},{"name":"CMMC_L3_AC.3.021","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.021"},{"name":"CMMC_L3_AC.3.022","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.022"},{"name":"CMMC_L3_AM.3.036","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AM.3.036"},{"name":"CMMC_L3_AT.2.056","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.056"},{"name":"CMMC_L3_AT.2.057","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.057"},{"name":"CMMC_L3_AT.3.058","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.3.058"},{"name":"CMMC_L3_AU.2.041","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.041"},{"name":"CMMC_L3_AU.2.042","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.042"},{"name":"CMMC_L3_AU.2.043","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.043"},{"name":"CMMC_L3_AU.2.044","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.044"},{"name":"CMMC_L3_AU.3.045","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.045"},{"name":"CMMC_L3_AU.3.046","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.046"},{"name":"CMMC_L3_AU.3.048","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.048"},{"name":"CMMC_L3_AU.3.049","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.049"},{"name":"CMMC_L3_AU.3.050","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.050"},{"name":"CMMC_L3_AU.3.051","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.051"},{"name":"CMMC_L3_AU.3.052","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.052"},{"name":"CMMC_L3_CA.2.157","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.157"},{"name":"CMMC_L3_CA.2.158","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.158"},{"name":"CMMC_L3_CA.2.159","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.159"},{"name":"CMMC_L3_CA.3.161","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.161"},{"name":"CMMC_L3_CA.3.162","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.162"},{"name":"CMMC_L3_CM.2.061","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.061"},{"name":"CMMC_L3_CM.2.062","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.062"},{"name":"CMMC_L3_CM.2.063","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.063"},{"name":"CMMC_L3_CM.2.064","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.064"},{"name":"CMMC_L3_CM.2.065","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.065"},{"name":"CMMC_L3_CM.2.066","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.066"},{"name":"CMMC_L3_CM.3.067","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.067"},{"name":"CMMC_L3_CM.3.068","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.068"},{"name":"CMMC_L3_CM.3.069","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.069"},{"name":"CMMC_L3_IA.1.076","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.076"},{"name":"CMMC_L3_IA.1.077","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.077"},{"name":"CMMC_L3_IA.2.078","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.078"},{"name":"CMMC_L3_IA.2.079","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.079"},{"name":"CMMC_L3_IA.2.080","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.080"},{"name":"CMMC_L3_IA.2.081","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.081"},{"name":"CMMC_L3_IA.2.082","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.082"},{"name":"CMMC_L3_IA.3.083","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.083"},{"name":"CMMC_L3_IA.3.084","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.084"},{"name":"CMMC_L3_IA.3.085","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.085"},{"name":"CMMC_L3_IA.3.086","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.086"},{"name":"CMMC_L3_IR.2.092","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.092"},{"name":"CMMC_L3_IR.2.093","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.093"},{"name":"CMMC_L3_IR.2.094","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.094"},{"name":"CMMC_L3_IR.2.096","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.096"},{"name":"CMMC_L3_IR.2.097","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.097"},{"name":"CMMC_L3_IR.3.098","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.098"},{"name":"CMMC_L3_IR.3.099","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.099"},{"name":"CMMC_L3_MA.2.111","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.111"},{"name":"CMMC_L3_MA.2.112","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.112"},{"name":"CMMC_L3_MA.2.113","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.113"},{"name":"CMMC_L3_MA.2.114","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.114"},{"name":"CMMC_L3_MA.3.115","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.115"},{"name":"CMMC_L3_MA.3.116","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.116"},{"name":"CMMC_L3_MP.1.118","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.1.118"},{"name":"CMMC_L3_MP.2.119","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.119"},{"name":"CMMC_L3_MP.2.120","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.120"},{"name":"CMMC_L3_MP.2.121","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.121"},{"name":"CMMC_L3_MP.3.122","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.122"},{"name":"CMMC_L3_MP.3.123","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.123"},{"name":"CMMC_L3_MP.3.124","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.124"},{"name":"CMMC_L3_MP.3.125","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.125"},{"name":"CMMC_L3_PE.1.131","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.131"},{"name":"CMMC_L3_PE.1.132","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.132"},{"name":"CMMC_L3_PE.1.133","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.133"},{"name":"CMMC_L3_PE.1.134","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.134"},{"name":"CMMC_L3_PE.2.135","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.2.135"},{"name":"CMMC_L3_PE.3.136","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.3.136"},{"name":"CMMC_L3_PS.2.127","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.127"},{"name":"CMMC_L3_PS.2.128","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.128"},{"name":"CMMC_L3_RE.2.137","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.137"},{"name":"CMMC_L3_RE.2.138","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.138"},{"name":"CMMC_L3_RE.3.139","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.3.139"},{"name":"CMMC_L3_RM.2.141","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.141"},{"name":"CMMC_L3_RM.2.142","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.142"},{"name":"CMMC_L3_RM.2.143","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.143"},{"name":"CMMC_L3_RM.3.144","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.144"},{"name":"CMMC_L3_RM.3.146","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.146"},{"name":"CMMC_L3_RM.3.147","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.147"},{"name":"CMMC_L3_SA.3.169","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SA.3.169"},{"name":"CMMC_L3_SC.1.175","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.175"},{"name":"CMMC_L3_SC.1.176","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.176"},{"name":"CMMC_L3_SC.2.178","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.178"},{"name":"CMMC_L3_SC.2.179","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.179"},{"name":"CMMC_L3_SC.3.177","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.177"},{"name":"CMMC_L3_SC.3.180","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.180"},{"name":"CMMC_L3_SC.3.181","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.181"},{"name":"CMMC_L3_SC.3.182","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.182"},{"name":"CMMC_L3_SC.3.183","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.183"},{"name":"CMMC_L3_SC.3.184","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.184"},{"name":"CMMC_L3_SC.3.185","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.185"},{"name":"CMMC_L3_SC.3.186","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.186"},{"name":"CMMC_L3_SC.3.187","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.187"},{"name":"CMMC_L3_SC.3.188","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.188"},{"name":"CMMC_L3_SC.3.189","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.189"},{"name":"CMMC_L3_SC.3.190","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.190"},{"name":"CMMC_L3_SC.3.191","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.191"},{"name":"CMMC_L3_SC.3.192","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.192"},{"name":"CMMC_L3_SC.3.193","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.193"},{"name":"CMMC_L3_SI.1.210","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.210"},{"name":"CMMC_L3_SI.1.211","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.211"},{"name":"CMMC_L3_SI.1.212","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.212"},{"name":"CMMC_L3_SI.1.213","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.213"},{"name":"CMMC_L3_SI.2.214","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.214"},{"name":"CMMC_L3_SI.2.216","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.216"},{"name":"CMMC_L3_SI.2.217","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.217"},{"name":"CMMC_L3_SI.3.218","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.218"},{"name":"CMMC_L3_SI.3.219","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.219"},{"name":"CMMC_L3_SI.3.220","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.220"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de","type":"Microsoft.Authorization/policySetDefinitions","name":"b5629c75-5c77-4422-87b9-2509e680f8de"},{"properties":{"displayName":"[Deprecated]: + Audit Windows VMs that contain certificates expiring within the specified + number of days","policyType":"BuiltIn","description":"This initiative deploys + the policy requirements and audits Windows virtual machines that contain certificates + expiring within the specified number of days. For more information on Guest + Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.0.0-deprecated","category":"Guest + Configuration","deprecated":true},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"[Deprecated]: + Certificate store path","description":"The path to the certificate store containing + the certificates to check the expiration dates of. Default value is ''Cert:'' + which is the root certificate store path, so all certificates on the machine + will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'', + ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"[Deprecated]: + Expiration limit in days","description":"An integer indicating the number + of days within which to check for certificates that are expiring. For example, + if this value is 30, any certificate expiring within the next 30 days will + cause this policy to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"[Deprecated]: + Certificate thumbprints to include","description":"A semicolon-separated list + of certificate thumbprints to check under the specified path. If a value is + not specified, all certificates under the certificate store path will be checked. + If a value is specified, no certificates other than those with the thumbprints + specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"[Deprecated]: + Certificate thumbprints to exclude","description":"A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"IncludeExpiredCertificates":{"type":"String","metadata":{"displayName":"[Deprecated]: Include expired certificates","description":"Must be ''true'' or ''false''. True indicates that any found certificates that have already expired will @@ -5332,7 +8418,527 @@ interactions: on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.0.0-deprecated","category":"Guest Configuration","deprecated":true},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"[Deprecated]: Number of days","description":"The number of days without restart until the - machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Preview]: + machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v2","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark v2 policy set is now represented + in the consolidated Azure Security Benchmark initiative, which also serves + as the Azure Security Center default policy initiative. Please assign that + initiative, or manage its policies and compliance results within Azure Security + Center","metadata":{"version":"2.0.1-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bd352bd5-2853-4985-bf0d-73806b4a5744":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: IP Forwarding on your virtual machine should be disabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22730e10-96f6-4aac-ad84-9383d35b5917":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports should be closed on your virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Authorized IP ranges should be defined on Kubernetes Services","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive Network Hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB accounts should have firewall rules","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API Management services should use a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"Array","metadata":{"displayName":"[Deprecated]: + API Management SKUs that should use a virtual network","description":"List + of API Management SKUs against which this policy will be evaluated"},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"effect-0564d078-92f5-4f97-8398-b9f58a51f70b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for PostgreSQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0a1302fb-a631-4106-9753-f3d494733990":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7595c971-233d-4bcf-bd18-596129188c49":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2154edb9-244f-4741-9970-660785bccdaa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: VM Image Builder templates should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-40cec1dd-a100-4920-b15b-3024fe8901ab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4b90e17e-8448-49db-875e-bd83fb6f804f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid topics should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-53503636-bcc9-4748-9663-5348217f160f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure SignalR Service should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5f0bc445-3935-4915-9981-011aa2b46147":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be configured for Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-6edd7eda-6dd8-40f7-810d-67160c639cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use a private link connection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9830b652-8523-49cc-b1b3-e17dce1127ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid domains should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ca610c1d-041c-4332-9d88-7ed3094967c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: App Configuration should use a private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cache for Redis should reside within a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Spring Cloud should use network injection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled","Deny"],"defaultValue":"Audit"},"evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Azure Spring Cloud SKUs that should use network injection","description":"List + of Azure Spring Cloud SKUs against which this policy will be evaluated"},"allowedValues":["Standard"],"defaultValue":["Standard"]},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6646a0bd-e110-40ca-bb97-84fcee63c414":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service principals should be used to protect your subscriptions + instead of management certificates","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Sensitive data in your SQL databases should be classified","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce HTTPS ingress in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Enforce HTTPS ingress in Kubernetes + cluster","description":"List of Kubernetes namespaces to exclude from policy + evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL server TDE protector should be encrypted with your + own key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL Managed Instance TDE protector should be encrypted + with your own key","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should use customer owned storage + or enable data encryption.","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB account should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should be encrypted with + a customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + PostgreSQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + MySQL servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Virtual machines should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Windows virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-04c4380f-3fae-46e8-96c9-30193528f602":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Linux virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Data Lake Store resource logs"},"defaultValue":"365"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Logic Apps resource logs"},"defaultValue":"365"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Batch resource logs"},"defaultValue":"365"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Event Hub resource logs"},"defaultValue":"365"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Search resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Data Lake Analytics resource logs"},"defaultValue":"365"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Key Vault resource logs"},"defaultValue":"365"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Service Bus resource logs"},"defaultValue":"365"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Stream Analytics resource logs"},"defaultValue":"365"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","Disabled"],"defaultValue":"enabled"},"effect-a4fe33eb-e377-4efb-ab31-0784311bc499":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine for Azure Security Center monitoring","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine scale sets for Azure Security Center monitoring","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automatic provisioning of the Log Analytics monitoring + agent should be enabled on your subscription","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent health issues should be resolved on + your machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Linux Azure + Arc machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Windows + Azure Arc machines","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A security contact email address should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Policy Add-on for Kubernetes service (AKS) should + be installed and enabled on your clusters","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Allowed container images for Kubernetes clusters","description":"Regular expression + used to match allowed container images in a Kubernetes cluster; Ex: allow + any Azure Container Registry image by matching partial path: ^.+azurecr.io/.+$"},"defaultValue":"^(.+){0}$"},"effect-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure only allowed container images in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure only allowed container + images in Kubernetes cluster","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-95edb821-ddaf-4404-9732-666045e056b4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Do not allow privileged containers in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Do not allow privileged containers + in Kubernetes cluster","description":"List of Kubernetes namespaces to exclude + from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed container ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure containers listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure containers listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed services ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure services listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure services listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes clusters should not allow container privilege + escalation","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes clusters should + not allow container privilege escalation","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed CPU units for containers in Kubernetes clusters","description":"Ex: + 200m; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed memory (bytes) for a container in Kubernetes clusters","description":"Ex: + 1Gi; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"effect-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure container CPU and memory resource limits do not + exceed the specified limits in Kubernetes cluster","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure container CPU and memory + resource limits do not exceed the specified limits in Kubernetes cluster","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods and containers should only run + with approved user and group IDs","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods and + containers should only run with approved user and group IDs","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should not share host process + ID or host IPC namespace","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should not share host process ID or host IPC namespace","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should run with a read only + root file system","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should run with a read only root file system","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed capabilities","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed capabilities","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of capabilities that are allowed to be added to a container","description":"Provide + empty list as input to block everything"},"defaultValue":["[]"]},"requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of capabilities that must be dropped by a container"},"defaultValue":["[]"]},"effect-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed AppArmor + profiles","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed AppArmor profiles","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of AppArmor profiles that containers are allowed to use","description":"Ex: + ''runtime/default;docker/default''; provide empty list as input to block everything"},"defaultValue":["[]"]},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network, otherwise set to false"},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Minimum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Maximum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"effect-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pod hostPath volumes should only use + allowed host paths","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pod hostPath + volumes should only use allowed host paths","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Object","metadata":{"displayName":"[Deprecated]: + Allowed host paths for pod hostPath volumes to use","description":"Provide + an empty paths list to block all host paths"},"defaultValue":{"paths":[]}},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Compliance status to report for Windows servers where Windows Defender Exploit + Guard is not supported"},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"subnetsShouldBeAssociatedWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"internetFacingVirtualMachinesShouldBeProtectedWithNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"iPForwardingOnYourVirtualMachineShouldBeDisabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''effect-bd352bd5-2853-4985-bf0d-73806b4a5744'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"managementPortsShouldBeClosedOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''effect-22730e10-96f6-4aac-ad84-9383d35b5917'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"managementPortsOfVirtualMachinesShouldBeProtectedWithJustInTimeNetworkAccessControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"allInternetTrafficShouldBeRoutedViaYourDeployedAzureFirewall","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"authorizedIPRangesShouldBeDefinedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''effect-0564d078-92f5-4f97-8398-b9f58a51f70b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''effect-0a1302fb-a631-4106-9753-f3d494733990'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''effect-7595c971-233d-4bcf-bd18-596129188c49'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"vMImageBuilderTemplatesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''effect-2154edb9-244f-4741-9970-660785bccdaa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''effect-40cec1dd-a100-4920-b15b-3024fe8901ab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''effect-4b90e17e-8448-49db-875e-bd83fb6f804f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalrServiceShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''effect-53503636-bcc9-4748-9663-5348217f160f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''effect-5f0bc445-3935-4915-9981-011aa2b46147'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''effect-6edd7eda-6dd8-40f7-810d-67160c639cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"7698e800-9299-47a6-b3b6-5a0fee576eed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''effect-9830b652-8523-49cc-b1b3-e17dce1127ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''effect-ca610c1d-041c-4332-9d88-7ed3094967c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''effect-7d092e0a-7acd-40d2-a975-dca21cae48c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureDdosProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sSHAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"rDPAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForAzureFrontDoorServiceService","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForApplicationGateway","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"servicePrincipalsShouldBeUsedToProtectYourSubscriptionsInsteadOfManagementCertificates","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''effect-6646a0bd-e110-40ca-bb97-84fcee63c414'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"roleBasedAccessControlRBACShouldBeUsedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"sensitiveDataInYourSQLDatabasesShouldBeClassified","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"storageAccountPublicAccessShouldBeDisallowed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureDefenderForStorageShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForSQLServersOnMachinesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAzureSQLDatabaseServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSQLDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webApplicationShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aPIAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"onlySecureConnectionsToYourAzureCacheForRedisShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceHTTPSIngressInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"sQLServersShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sQLManagedInstancesShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"automationAccountVariablesShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldHaveTheClusterprotectionlevelPropertySetToEncryptandsign","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyCMKForEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''effect-18adea5e-f416-4d0f-8aa8-d24321e3e274'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"storageAccountsShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"azureDefenderForKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAppServiceShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azureDefenderForKubernetesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForContainerRegistriesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''effect-04c4380f-3fae-46e8-96c9-30193528f602'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureDataLakeStoreShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInLogicAppsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInIotHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInBatchAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInVirtualMachineScaleSetsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInEventHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInSearchServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInDataLakeAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInServiceBusShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureStreamAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"auditingOnSQLServerShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''effect-a4fe33eb-e377-4efb-ab31-0784311bc499'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineScaleSetsForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentHealthIssuesShouldBeResolvedOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourLinuxAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourWindowsAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssues","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForAPIApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesIncomingClientCertificatesEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"azurePolicyAddOnForKubernetesServiceAKSShouldBeInstalledAndEnabledOnYourClusters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''effect-0a15ec92-a229-4763-bb14-0ea34a568f8d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureOnlyAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"effect":{"value":"[parameters(''effect-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"doNotAllowPrivilegedContainersInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''effect-95edb821-ddaf-4404-9732-666045e056b4'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainersListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"effect":{"value":"[parameters(''effect-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureServicesListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"allowedServicePortsList":{"value":"[parameters(''allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"effect":{"value":"[parameters(''effect-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldNotAllowContainerPrivilegeEscalation","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainerCPUAndMemoryResourceLimitsDoNotExceedTheSpecifiedLimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"cpuLimit":{"value":"[parameters(''cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"memoryLimit":{"value":"[parameters(''memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"effect":{"value":"[parameters(''effect-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsAndContainersShouldOnlyRunWithApprovedUserAndGroupIds","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldNotShareHostProcessIDOrHostIPCNamespace","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldRunWithAReadOnlyRootFileSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''effect-df49d893-a74c-421d-bc95-c663042e5b80'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedCapabilities","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"allowedCapabilities":{"value":"[parameters(''allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"requiredDropCapabilities":{"value":"[parameters(''requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedApparmorProfiles","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''effect-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"allowedProfiles":{"value":"[parameters(''allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsShouldOnlyUseApprovedHostNetworkAndPortRange","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodHostpathVolumesShouldOnlyUseAllowedHostPaths","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''effect-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"allowedHostPaths":{"value":"[parameters(''allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInContainerSecurityConfigurationsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSQLDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesInAzureContainerRegistryImagesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"systemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServicesShouldBeUpgradedToANonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"auditWindowsMachinesOnWhichWindowsDefenderExploitGuardIsNotEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"longTermGeoRedundantBackupShouldBeEnabledForAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMysql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgresql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariadb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b","type":"Microsoft.Authorization/policySetDefinitions","name":"bb522ac1-bc39-4957-b194-429bcd3bcb0b"},{"properties":{"displayName":"[Preview]: Windows machines should meet requirements for the Azure security baseline","policyType":"BuiltIn","description":"This initiative audits Windows machines with settings that do not meet the Azure security baseline. For details, please visit https://aka.ms/gcpol","metadata":{"version":"2.0.0-preview","category":"Guest @@ -5740,20 +9346,257 @@ interactions: SP 800-53 R4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"FedRAMP + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]: + New Zealand ISM Restricted","policyType":"BuiltIn","description":"This initiative + includes policies that address a subset of New Zealand Information Security + Manual controls. Additional policies will be added in upcoming releases. For + more information, visit https://aka.ms/nzism-initiative.","metadata":{"version":"2.0.0-preview","category":"Regulatory + Compliance","preview":true},"parameters":{"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Application Gateway","description":"The Prevention + or Detection mode must be enabled on the Application Gateway service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + missing any of specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have extra accounts in the Administrators group","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2"},"defaultValue":"Administrator"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Azure Front Door Service","description":"The Prevention + or Detection mode must be enabled on the Azure Front Door service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have the specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Compliance state to report for Windows machines on which Windows Defender + Exploit Guard is not available","description":"Windows Defender Exploit Guard + is only available starting with Windows 10/Windows Server with update 1709. + Setting this value to ''Non-Compliant'' shows machines with older versions + on which Windows Defender Exploit Guard is not available (such as Windows + Server 2012 R2) as non-compliant. Setting this value to ''Compliant'' shows + these machines as compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfAllowedLocations-e56962a6-4747-49cd-b67b-bf8b01975c4c":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resources (deployments to other locations will be denied)","description":"Locations + for NZISM Restricted are New Zealand North, Australia East, Australia Southeast, + Australia Central and Australia Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"listOfAllowedLocations-e765b5de-1225-4ba3-bd56-1ac6695af988":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resource groups (deployments to other locations will + be denied)","description":"Locations for NZISM Restricted are New Zealand + North, Australia East, Australia Southeast, Australia Central and Australia + Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that allow remote connections from accounts without passwords","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Windows machines should + meet requirements for ''Security Settings - Account Policies''","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Enforce password history for Windows VM local accounts","description":"Specifies + limits on password reuse - how many times a new password must be created for + a user account before the password can be repeated"},"defaultValue":"24"},"MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Maximum password age for Windows VM local accounts","description":"Specifies + the maximum number of days that may elapse before a user account password + must be changed; the format of the value is two integers separated by a comma, + denoting an inclusive range"},"defaultValue":"1,70"},"MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password age for Windows VM local accounts","description":"Specifies + the minimum number of days that must elapse before a user account password + can be changed"},"defaultValue":"1"},"MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password length for Windows VM local accounts","description":"Specifies + the minimum number of characters that a user account password may contain"},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Password must meet complexity requirements for Windows VM local accounts","description":"Specifies + whether a user account password must be complex; if required, a complex password + must not contain part of the user''s account name or full name; be at least + 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic + characters"},"defaultValue":"1"},"effect-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Settings - Account Policies''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that have accounts without passwords","description":"By selecting ''true,'' + you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: All Internet traffic should be routed via your + deployed Azure Firewall","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-2","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"1c210e94-a481-4beb-95fa-1571b434fb04","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-4","NZISM_Security_Benchmark_v1.0_AC-5","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9","NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"3be22e3b-d919-47aa-805e-8985dbeb0ad9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"},"Members":{"value":"[parameters(''Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-4"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-13"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-5"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-15"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"bed48b13-6647-468e-aa2f-1af1d3f4dd40","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3","NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"f2143251-70de-4e81-87a8-36cee5a2f29d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"EnforcePasswordHistory":{"value":"[parameters(''EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"effect":{"value":"[parameters(''effect-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-4"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_ESS-3"]}],"policyDefinitionGroups":[{"name":"NZISM_Security_Benchmark_v1.0_AIS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-1"},{"name":"NZISM_Security_Benchmark_v1.0_AIS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-5"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-1"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-2"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-3"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-4"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-6"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-7"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-8"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-1"},{"name":"NZISM_Security_Benchmark_v1.0_INF-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-2"},{"name":"NZISM_Security_Benchmark_v1.0_INF-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-3"},{"name":"NZISM_Security_Benchmark_v1.0_INF-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-4"},{"name":"NZISM_Security_Benchmark_v1.0_INF-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-6"},{"name":"NZISM_Security_Benchmark_v1.0_INF-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-7"},{"name":"NZISM_Security_Benchmark_v1.0_INF-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-8"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-1"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-2"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-3"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-4"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-5"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-6"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-6"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-8"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-1"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-2"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-3"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-4"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-5"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-1"},{"name":"NZISM_Security_Benchmark_v1.0_SS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-2"},{"name":"NZISM_Security_Benchmark_v1.0_SS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-3"},{"name":"NZISM_Security_Benchmark_v1.0_SS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-4"},{"name":"NZISM_Security_Benchmark_v1.0_SS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-5"},{"name":"NZISM_Security_Benchmark_v1.0_SS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-7"},{"name":"NZISM_Security_Benchmark_v1.0_SS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-8"},{"name":"NZISM_Security_Benchmark_v1.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-1"},{"name":"NZISM_Security_Benchmark_v1.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-1"},{"name":"NZISM_Security_Benchmark_v1.0_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-3"},{"name":"NZISM_Security_Benchmark_v1.0_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-4"},{"name":"NZISM_Security_Benchmark_v1.0_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-5"},{"name":"NZISM_Security_Benchmark_v1.0_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-6"},{"name":"NZISM_Security_Benchmark_v1.0_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-7"},{"name":"NZISM_Security_Benchmark_v1.0_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-8"},{"name":"NZISM_Security_Benchmark_v1.0_AC-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-9"},{"name":"NZISM_Security_Benchmark_v1.0_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-10"},{"name":"NZISM_Security_Benchmark_v1.0_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-11"},{"name":"NZISM_Security_Benchmark_v1.0_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-12"},{"name":"NZISM_Security_Benchmark_v1.0_AC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-13"},{"name":"NZISM_Security_Benchmark_v1.0_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-14"},{"name":"NZISM_Security_Benchmark_v1.0_AC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-15"},{"name":"NZISM_Security_Benchmark_v1.0_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-16"},{"name":"NZISM_Security_Benchmark_v1.0_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-17"},{"name":"NZISM_Security_Benchmark_v1.0_CR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-1"},{"name":"NZISM_Security_Benchmark_v1.0_CR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-2"},{"name":"NZISM_Security_Benchmark_v1.0_CR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-3"},{"name":"NZISM_Security_Benchmark_v1.0_CR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-4"},{"name":"NZISM_Security_Benchmark_v1.0_CR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-5"},{"name":"NZISM_Security_Benchmark_v1.0_CR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-6"},{"name":"NZISM_Security_Benchmark_v1.0_CR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-7"},{"name":"NZISM_Security_Benchmark_v1.0_CR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-8"},{"name":"NZISM_Security_Benchmark_v1.0_CR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-9"},{"name":"NZISM_Security_Benchmark_v1.0_CR-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-10"},{"name":"NZISM_Security_Benchmark_v1.0_CR-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-11"},{"name":"NZISM_Security_Benchmark_v1.0_CR-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-12"},{"name":"NZISM_Security_Benchmark_v1.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-1"},{"name":"NZISM_Security_Benchmark_v1.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-2"},{"name":"NZISM_Security_Benchmark_v1.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-3"},{"name":"NZISM_Security_Benchmark_v1.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-4"},{"name":"NZISM_Security_Benchmark_v1.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-5"},{"name":"NZISM_Security_Benchmark_v1.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-6"},{"name":"NZISM_Security_Benchmark_v1.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-7"},{"name":"NZISM_Security_Benchmark_v1.0_NS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-8"},{"name":"NZISM_Security_Benchmark_v1.0_NS-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-9"},{"name":"NZISM_Security_Benchmark_v1.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-1"},{"name":"NZISM_Security_Benchmark_v1.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-2"},{"name":"NZISM_Security_Benchmark_v1.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-3"},{"name":"NZISM_Security_Benchmark_v1.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-4"},{"name":"NZISM_Security_Benchmark_v1.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-1"},{"name":"NZISM_Security_Benchmark_v1.0_DM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-2"},{"name":"NZISM_Security_Benchmark_v1.0_DM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-3"},{"name":"NZISM_Security_Benchmark_v1.0_DM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-4"},{"name":"NZISM_Security_Benchmark_v1.0_DM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-6"},{"name":"NZISM_Security_Benchmark_v1.0_WO-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-1"},{"name":"NZISM_Security_Benchmark_v1.0_WO-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-2"},{"name":"NZISM_Security_Benchmark_v1.0_WO-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-3"},{"name":"NZISM_Security_Benchmark_v1.0_WO-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-1"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-3"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-5"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a","type":"Microsoft.Authorization/policySetDefinitions","name":"d1a462af-7e6d-4901-98ac-61570b4ed22a"},{"properties":{"displayName":"FedRAMP High","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"3.0.1","category":"Regulatory + For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -5773,7 +9616,7 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -5795,7 +9638,7 @@ interactions: backup should be enabled for Azure Database for PostgreSQL","description":"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web Application should only be accessible over HTTPS","description":"Enable or @@ -5825,7 +9668,7 @@ interactions: or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"This policy audits any Azure SQL Database with long-term geo-redundant backup not - enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: + enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information @@ -6195,7 +10038,7 @@ interactions: Moderate","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP M controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -6204,13 +10047,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell @@ -6230,11 +10073,11 @@ interactions: cache-control: - no-cache content-length: - - '1153301' + - '1805013' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:35 GMT + - Mon, 22 Mar 2021 08:44:20 GMT expires: - '-1' pragma: @@ -6274,26 +10117,26 @@ interactions: ParameterSetName: - -n --definitions --display-name --description --params --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:38.1159201Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:22.9901988Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when - deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"855924394723084833","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"9129521645803389878","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1317' + - '1318' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:37 GMT + - Mon, 22 Mar 2021 08:44:22 GMT expires: - '-1' pragma: @@ -6303,7 +10146,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1197' status: code: 201 message: Created @@ -6321,26 +10164,26 @@ interactions: ParameterSetName: - -n --params --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:38.1159201Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:22.9901988Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when - deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"855924394723084833","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"9129521645803389878","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1317' + - '1318' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:38 GMT + - Mon, 22 Mar 2021 08:44:23 GMT expires: - '-1' pragma: @@ -6362,9 +10205,9 @@ interactions: {"allowedLocations": {"type": "array", "metadata": {"displayName": "Allowed locations 2"}}}, "policyDefinitions": [{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003", "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}, - "policyDefinitionReferenceId": "855924394723084833"}, {"policyDefinitionId": + "policyDefinitionReferenceId": "9129521645803389878"}, {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005", - "policyDefinitionReferenceId": "2815157106993385363"}]}}' + "policyDefinitionReferenceId": "8504298515002226000"}]}}' headers: Accept: - application/json @@ -6375,31 +10218,31 @@ interactions: Connection: - keep-alive Content-Length: - - '844' + - '845' Content-Type: - application/json; charset=utf-8 ParameterSetName: - -n --params --metadata --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:38.1159201Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:39.3593373Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"855924394723084833","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:22.9901988Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:24.2209086Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"9129521645803389878","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1294' + - '1295' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:38 GMT + - Mon, 22 Mar 2021 08:44:24 GMT expires: - '-1' pragma: @@ -6433,25 +10276,25 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:38.1159201Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","updatedOn":"2020-12-17T19:18:39.3593373Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"855924394723084833","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"2815157106993385363","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' + string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"category":"test2","createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:22.9901988Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","updatedOn":"2021-03-22T08:44:24.2209086Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"9129521645803389878","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8504298515002226000","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}' headers: cache-control: - no-cache content-length: - - '1294' + - '1295' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:39 GMT + - Mon, 22 Mar 2021 08:44:24 GMT expires: - '-1' pragma: @@ -6483,8 +10326,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -6495,7 +10338,7 @@ interactions: R2","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension policies that address a subset of NIST SP 800-171 R2 requirements. Additional policies will be added in upcoming releases. For - more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"4.1.0-preview","category":"Regulatory + more information, visit https://aka.ms/nist800171r2-blueprint.","metadata":{"version":"5.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -6524,10 +10367,10 @@ interactions: for App Services","deprecated":true},"defaultValue":"3.6"},"linuxPythonLatestVersionForAppServices":{"type":"String","metadata":{"displayName":"[Preview]: Latest Linux Python version","description":"Latest supported Python version for App Services"},"defaultValue":"3.8"},"listOfResourceTypesForDiagnosticLogs":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit + List of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"minimumTLSVersionForWindowsServers":{"type":"String","metadata":{"displayName":"[Preview]: Minimum TLS version for Windows web servers","description":"The minimum TLS - protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: + protocol version that should be enabled on Windows web servers."},"allowedValues":["1.2"],"defaultValue":"1.2"}},"policyDefinitions":[{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.16"]},{"policyDefinitionReferenceId":"1bc1795ed44a4d489b3b6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7","NIST_SP_800-171_R2_3.5.8","NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.2","NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12","NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.4.7","NIST_SP_800-171_R2_3.4.8","NIST_SP_800-171_R2_3.4.9"]},{"policyDefinitionReferenceId":"496223c3ad654ecd878abae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.3"]},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''windowsImagesToAddToLogAgentAuditScope'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''linuxImagesToAddToLogAgentAuditScope'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"7008174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7238174afd104ef0817efc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"7261b8988a844db89e0418527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"phpLatestVersion":{"value":"[parameters(''pHPLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.8"]},{"policyDefinitionReferenceId":"74c3584dafae46f7a20a6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"linuxPythonLatestVersion":{"value":"[parameters(''linuxPythonLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.7"]},{"policyDefinitionReferenceId":"7f89b1eb583c429a8828af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesForDiagnosticLogs'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"88999f4c376a45c8bcb34058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"AuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInLocalAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.4"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"9d0b6ea493e24578bf2f6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"javaLatestVersion":{"value":"[parameters(''javaLatestVersionForAppServices'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.1","NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2","NIST_SP_800-171_R2_3.3.4","NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.13.16","NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.2"]},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersionForWindowsServers'')]"}},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocationsForNetworkWatcher'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["NIST_SP_800-171_R2_3.14.6"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.13.8"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.5.3"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.1.1","NIST_SP_800-171_R2_3.1.12"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-171_R2_3.5.10"]},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIDForVMAgents'')]"}},"groupNames":["NIST_SP_800-171_R2_3.3.1","NIST_SP_800-171_R2_3.3.2"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.5"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.1.1"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.13.1","NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.14.1"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-171_R2_3.11.2","NIST_SP_800-171_R2_3.14.1"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-171_R2_3.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},{"name":"NIST_SP_800-171_R2_3.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},{"name":"NIST_SP_800-171_R2_3.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.3"},{"name":"NIST_SP_800-171_R2_3.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.4"},{"name":"NIST_SP_800-171_R2_3.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.5"},{"name":"NIST_SP_800-171_R2_3.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.6"},{"name":"NIST_SP_800-171_R2_3.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.7"},{"name":"NIST_SP_800-171_R2_3.1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.8"},{"name":"NIST_SP_800-171_R2_3.1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.9"},{"name":"NIST_SP_800-171_R2_3.1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.10"},{"name":"NIST_SP_800-171_R2_3.1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.11"},{"name":"NIST_SP_800-171_R2_3.1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.12"},{"name":"NIST_SP_800-171_R2_3.1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.13"},{"name":"NIST_SP_800-171_R2_3.1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.14"},{"name":"NIST_SP_800-171_R2_3.1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.15"},{"name":"NIST_SP_800-171_R2_3.1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.16"},{"name":"NIST_SP_800-171_R2_3.1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.17"},{"name":"NIST_SP_800-171_R2_3.1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.18"},{"name":"NIST_SP_800-171_R2_3.1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.19"},{"name":"NIST_SP_800-171_R2_3.1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.20"},{"name":"NIST_SP_800-171_R2_3.1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.21"},{"name":"NIST_SP_800-171_R2_3.1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.22"},{"name":"NIST_SP_800-171_R2_3.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.1"},{"name":"NIST_SP_800-171_R2_3.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.2"},{"name":"NIST_SP_800-171_R2_3.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.2.3"},{"name":"NIST_SP_800-171_R2_3.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.1"},{"name":"NIST_SP_800-171_R2_3.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.2"},{"name":"NIST_SP_800-171_R2_3.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.3"},{"name":"NIST_SP_800-171_R2_3.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.4"},{"name":"NIST_SP_800-171_R2_3.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.5"},{"name":"NIST_SP_800-171_R2_3.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.6"},{"name":"NIST_SP_800-171_R2_3.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.7"},{"name":"NIST_SP_800-171_R2_3.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.8"},{"name":"NIST_SP_800-171_R2_3.3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.3.9"},{"name":"NIST_SP_800-171_R2_3.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.1"},{"name":"NIST_SP_800-171_R2_3.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.2"},{"name":"NIST_SP_800-171_R2_3.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.3"},{"name":"NIST_SP_800-171_R2_3.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.4"},{"name":"NIST_SP_800-171_R2_3.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.5"},{"name":"NIST_SP_800-171_R2_3.4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.6"},{"name":"NIST_SP_800-171_R2_3.4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.7"},{"name":"NIST_SP_800-171_R2_3.4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.8"},{"name":"NIST_SP_800-171_R2_3.4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.4.9"},{"name":"NIST_SP_800-171_R2_3.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.1"},{"name":"NIST_SP_800-171_R2_3.5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.2"},{"name":"NIST_SP_800-171_R2_3.5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.3"},{"name":"NIST_SP_800-171_R2_3.5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.4"},{"name":"NIST_SP_800-171_R2_3.5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.5"},{"name":"NIST_SP_800-171_R2_3.5.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.6"},{"name":"NIST_SP_800-171_R2_3.5.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.7"},{"name":"NIST_SP_800-171_R2_3.5.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.8"},{"name":"NIST_SP_800-171_R2_3.5.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.9"},{"name":"NIST_SP_800-171_R2_3.5.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.10"},{"name":"NIST_SP_800-171_R2_3.5.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.5.11"},{"name":"NIST_SP_800-171_R2_3.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.1"},{"name":"NIST_SP_800-171_R2_3.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.2"},{"name":"NIST_SP_800-171_R2_3.6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.6.3"},{"name":"NIST_SP_800-171_R2_3.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.1"},{"name":"NIST_SP_800-171_R2_3.7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.2"},{"name":"NIST_SP_800-171_R2_3.7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.3"},{"name":"NIST_SP_800-171_R2_3.7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.4"},{"name":"NIST_SP_800-171_R2_3.7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.5"},{"name":"NIST_SP_800-171_R2_3.7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.7.6"},{"name":"NIST_SP_800-171_R2_3.8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.1"},{"name":"NIST_SP_800-171_R2_3.8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.2"},{"name":"NIST_SP_800-171_R2_3.8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.3"},{"name":"NIST_SP_800-171_R2_3.8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.4"},{"name":"NIST_SP_800-171_R2_3.8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.5"},{"name":"NIST_SP_800-171_R2_3.8.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.6"},{"name":"NIST_SP_800-171_R2_3.8.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.7"},{"name":"NIST_SP_800-171_R2_3.8.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.8"},{"name":"NIST_SP_800-171_R2_3.8.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.8.9"},{"name":"NIST_SP_800-171_R2_3.9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.1"},{"name":"NIST_SP_800-171_R2_3.9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.9.2"},{"name":"NIST_SP_800-171_R2_3.10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.1"},{"name":"NIST_SP_800-171_R2_3.10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.2"},{"name":"NIST_SP_800-171_R2_3.10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.3"},{"name":"NIST_SP_800-171_R2_3.10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.4"},{"name":"NIST_SP_800-171_R2_3.10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.5"},{"name":"NIST_SP_800-171_R2_3.10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.10.6"},{"name":"NIST_SP_800-171_R2_3.11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.1"},{"name":"NIST_SP_800-171_R2_3.11.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.2"},{"name":"NIST_SP_800-171_R2_3.11.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.11.3"},{"name":"NIST_SP_800-171_R2_3.12.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.1"},{"name":"NIST_SP_800-171_R2_3.12.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.2"},{"name":"NIST_SP_800-171_R2_3.12.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.3"},{"name":"NIST_SP_800-171_R2_3.12.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.12.4"},{"name":"NIST_SP_800-171_R2_3.13.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.1"},{"name":"NIST_SP_800-171_R2_3.13.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.2"},{"name":"NIST_SP_800-171_R2_3.13.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.3"},{"name":"NIST_SP_800-171_R2_3.13.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.4"},{"name":"NIST_SP_800-171_R2_3.13.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.5"},{"name":"NIST_SP_800-171_R2_3.13.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.6"},{"name":"NIST_SP_800-171_R2_3.13.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.7"},{"name":"NIST_SP_800-171_R2_3.13.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.8"},{"name":"NIST_SP_800-171_R2_3.13.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.9"},{"name":"NIST_SP_800-171_R2_3.13.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.10"},{"name":"NIST_SP_800-171_R2_3.13.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.11"},{"name":"NIST_SP_800-171_R2_3.13.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.12"},{"name":"NIST_SP_800-171_R2_3.13.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.13"},{"name":"NIST_SP_800-171_R2_3.13.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.14"},{"name":"NIST_SP_800-171_R2_3.13.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.15"},{"name":"NIST_SP_800-171_R2_3.13.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.13.16"},{"name":"NIST_SP_800-171_R2_3.14.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.1"},{"name":"NIST_SP_800-171_R2_3.14.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.2"},{"name":"NIST_SP_800-171_R2_3.14.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.3"},{"name":"NIST_SP_800-171_R2_3.14.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.4"},{"name":"NIST_SP_800-171_R2_3.14.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.5"},{"name":"NIST_SP_800-171_R2_3.14.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.6"},{"name":"NIST_SP_800-171_R2_3.14.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.14.7"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9","type":"Microsoft.Authorization/policySetDefinitions","name":"03055927-78bd-4236-86c0-f36125a10dc9"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs in which the Administrators group does not contain only the specified members","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines in which @@ -6553,16 +10396,16 @@ interactions: September 2016","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/irs1075-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines","policyType":"BuiltIn","description":"This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be @@ -6581,9 +10424,9 @@ interactions: should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7","type":"Microsoft.Authorization/policySetDefinitions","name":"133046de-0bd7-4546-93f4-f452e9e258b7"},{"properties":{"displayName":"CIS Microsoft Azure Foundations Benchmark 1.1.0","policyType":"BuiltIn","description":"This - initiative includes audit policies that address a subset of CIS Microsoft - Azure Foundations Benchmark recommendations. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/cisazure-blueprint.","metadata":{"version":"7.1.0","category":"Regulatory + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure110-initiative.","metadata":{"version":"9.0.0","category":"Regulatory Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"NetworkWatcher @@ -6591,10 +10434,13 @@ interactions: such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List of virtual machine extensions that are approved for use","description":"A semicolon-separated list of virtual machine extensions; to see a complete - list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.17"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Enable - Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor - all the available security recommendations in Azure Security Center. This - is the default policy for Azure Security Center.","metadata":{"version":"20.0.0","category":"Security + list of extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.1"]},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.2"]},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.3"]},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["CIS_Azure_1.1.0_1.23"]},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.1"]},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.2"]},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.3","CIS_Azure_1.1.0_7.5"]},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.4"]},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.5","CIS_Azure_1.1.0_7.6"]},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.6","CIS_Azure_1.1.0_7.1","CIS_Azure_1.1.0_7.2"]},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.7"]},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.9"]},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.10"]},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.12"]},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.13"]},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.14","CIS_Azure_1.1.0_4.1"]},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.15","CIS_Azure_1.1.0_4.9"]},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.16"]},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.18"]},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{},"groupNames":["CIS_Azure_1.1.0_2.19"]},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.1"]},{"policyDefinitionReferenceId":"CISv110x3x6CISv110x5x1x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.6","CIS_Azure_1.1.0_5.1.5"]},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.7"]},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{},"groupNames":["CIS_Azure_1.1.0_3.8"]},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.2"]},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.3"]},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.4"]},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.8"]},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.10"]},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.11"]},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.12"]},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.13"]},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.14"]},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.15"]},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{},"groupNames":["CIS_Azure_1.1.0_4.17"]},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.1"]},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.2"]},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.3"]},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.4"]},{"policyDefinitionReferenceId":"CISv110x5x1x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.6"]},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.1"]},{"policyDefinitionReferenceId":"CISv110x5x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.2"]},{"policyDefinitionReferenceId":"CISv110x5x2x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.3"]},{"policyDefinitionReferenceId":"CISv110x5x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.4"]},{"policyDefinitionReferenceId":"CISv110x5x2x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.5"]},{"policyDefinitionReferenceId":"CISv110x5x2x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.6"]},{"policyDefinitionReferenceId":"CISv110x5x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.7"]},{"policyDefinitionReferenceId":"CISv110x5x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.1.0_5.2.8"]},{"policyDefinitionReferenceId":"CISv110x5x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"operationName":{"value":"Microsoft.Security/policies/write"}},"groupNames":["CIS_Azure_1.1.0_5.2.9"]},{"policyDefinitionReferenceId":"CISv110x6x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.1"]},{"policyDefinitionReferenceId":"CISv110x6x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{},"groupNames":["CIS_Azure_1.1.0_6.2"]},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["CIS_Azure_1.1.0_6.5"]},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["CIS_Azure_1.1.0_7.3"]},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}},"groupNames":["CIS_Azure_1.1.0_7.4"]},{"policyDefinitionReferenceId":"CISv110x8x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.1"]},{"policyDefinitionReferenceId":"CISv110x8x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.2"]},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.5"]},{"policyDefinitionReferenceId":"CISv110x9x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x1mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.1"]},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.2"]},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.3"]},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.4"]},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.5"]},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.7"]},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.8"]},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.9"]},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{},"groupNames":["CIS_Azure_1.1.0_9.10"]},{"policyDefinitionReferenceId":"CISv110x5x1x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{},"groupNames":["CIS_Azure_1.1.0_5.1.7"]},{"policyDefinitionReferenceId":"CISv110x8x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["CIS_Azure_1.1.0_8.4"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.1"},{"name":"CIS_Azure_1.1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.5"},{"name":"CIS_Azure_1.1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.6"},{"name":"CIS_Azure_1.1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.7"},{"name":"CIS_Azure_1.1.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.15"},{"name":"CIS_Azure_1.1.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.21"},{"name":"CIS_Azure_1.1.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.22"},{"name":"CIS_Azure_1.1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.2"},{"name":"CIS_Azure_1.1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.3"},{"name":"CIS_Azure_1.1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.4"},{"name":"CIS_Azure_1.1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.8"},{"name":"CIS_Azure_1.1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.9"},{"name":"CIS_Azure_1.1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.10"},{"name":"CIS_Azure_1.1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.11"},{"name":"CIS_Azure_1.1.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.12"},{"name":"CIS_Azure_1.1.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.13"},{"name":"CIS_Azure_1.1.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.14"},{"name":"CIS_Azure_1.1.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.16"},{"name":"CIS_Azure_1.1.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.17"},{"name":"CIS_Azure_1.1.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.18"},{"name":"CIS_Azure_1.1.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.19"},{"name":"CIS_Azure_1.1.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.20"},{"name":"CIS_Azure_1.1.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_1.23"},{"name":"CIS_Azure_1.1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.1"},{"name":"CIS_Azure_1.1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.2"},{"name":"CIS_Azure_1.1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.3"},{"name":"CIS_Azure_1.1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.4"},{"name":"CIS_Azure_1.1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.5"},{"name":"CIS_Azure_1.1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.6"},{"name":"CIS_Azure_1.1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.7"},{"name":"CIS_Azure_1.1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.8"},{"name":"CIS_Azure_1.1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.9"},{"name":"CIS_Azure_1.1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.10"},{"name":"CIS_Azure_1.1.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.11"},{"name":"CIS_Azure_1.1.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.12"},{"name":"CIS_Azure_1.1.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.13"},{"name":"CIS_Azure_1.1.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.14"},{"name":"CIS_Azure_1.1.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.15"},{"name":"CIS_Azure_1.1.0_2.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.16"},{"name":"CIS_Azure_1.1.0_2.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.17"},{"name":"CIS_Azure_1.1.0_2.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.18"},{"name":"CIS_Azure_1.1.0_2.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_2.19"},{"name":"CIS_Azure_1.1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.1"},{"name":"CIS_Azure_1.1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.2"},{"name":"CIS_Azure_1.1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.4"},{"name":"CIS_Azure_1.1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.5"},{"name":"CIS_Azure_1.1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.6"},{"name":"CIS_Azure_1.1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.3"},{"name":"CIS_Azure_1.1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.7"},{"name":"CIS_Azure_1.1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_3.8"},{"name":"CIS_Azure_1.1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.1"},{"name":"CIS_Azure_1.1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.2"},{"name":"CIS_Azure_1.1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.3"},{"name":"CIS_Azure_1.1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.4"},{"name":"CIS_Azure_1.1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.5"},{"name":"CIS_Azure_1.1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.6"},{"name":"CIS_Azure_1.1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.7"},{"name":"CIS_Azure_1.1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.8"},{"name":"CIS_Azure_1.1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.9"},{"name":"CIS_Azure_1.1.0_4.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.10"},{"name":"CIS_Azure_1.1.0_4.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.11"},{"name":"CIS_Azure_1.1.0_4.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.12"},{"name":"CIS_Azure_1.1.0_4.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.13"},{"name":"CIS_Azure_1.1.0_4.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.14"},{"name":"CIS_Azure_1.1.0_4.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.15"},{"name":"CIS_Azure_1.1.0_4.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.16"},{"name":"CIS_Azure_1.1.0_4.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.17"},{"name":"CIS_Azure_1.1.0_4.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.18"},{"name":"CIS_Azure_1.1.0_4.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_4.19"},{"name":"CIS_Azure_1.1.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.1"},{"name":"CIS_Azure_1.1.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.2"},{"name":"CIS_Azure_1.1.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.3"},{"name":"CIS_Azure_1.1.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.4"},{"name":"CIS_Azure_1.1.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.5"},{"name":"CIS_Azure_1.1.0_5.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.6"},{"name":"CIS_Azure_1.1.0_5.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.1.7"},{"name":"CIS_Azure_1.1.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.1"},{"name":"CIS_Azure_1.1.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.2"},{"name":"CIS_Azure_1.1.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.3"},{"name":"CIS_Azure_1.1.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.4"},{"name":"CIS_Azure_1.1.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.5"},{"name":"CIS_Azure_1.1.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.6"},{"name":"CIS_Azure_1.1.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.7"},{"name":"CIS_Azure_1.1.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.8"},{"name":"CIS_Azure_1.1.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_5.2.9"},{"name":"CIS_Azure_1.1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.1"},{"name":"CIS_Azure_1.1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.2"},{"name":"CIS_Azure_1.1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.3"},{"name":"CIS_Azure_1.1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.5"},{"name":"CIS_Azure_1.1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_6.4"},{"name":"CIS_Azure_1.1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.1"},{"name":"CIS_Azure_1.1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.2"},{"name":"CIS_Azure_1.1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.3"},{"name":"CIS_Azure_1.1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.4"},{"name":"CIS_Azure_1.1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.5"},{"name":"CIS_Azure_1.1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_7.6"},{"name":"CIS_Azure_1.1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.1"},{"name":"CIS_Azure_1.1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.2"},{"name":"CIS_Azure_1.1.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.4"},{"name":"CIS_Azure_1.1.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.5"},{"name":"CIS_Azure_1.1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_8.3"},{"name":"CIS_Azure_1.1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.1"},{"name":"CIS_Azure_1.1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.2"},{"name":"CIS_Azure_1.1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.3"},{"name":"CIS_Azure_1.1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.4"},{"name":"CIS_Azure_1.1.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.5"},{"name":"CIS_Azure_1.1.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.6"},{"name":"CIS_Azure_1.1.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.7"},{"name":"CIS_Azure_1.1.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.8"},{"name":"CIS_Azure_1.1.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.9"},{"name":"CIS_Azure_1.1.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.1.0_9.10"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"Azure + Security Benchmark","policyType":"BuiltIn","description":"The Azure Security + Benchmark initiative represents the policies and controls implementing security + recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. + This also serves as the Azure Security Center default policy initiative. You + can directly assign this initiative, or manage its policies and compliance + results within Azure Security Center.","metadata":{"version":"25.1.1","category":"Security Center"},"parameters":{"useServicePrincipalToProtectSubscriptionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Service principals should be used to protect your subscriptions instead of management certificates","description":"Management certificates allow anyone who authenticates @@ -6626,13 +10472,12 @@ interactions: key vault secrets should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"keysExpirationSetEffect":{"type":"String","metadata":{"displayName":"Key Vault keys should have expiration dates set","description":"Enable or disable key vault keys should have expiration dates set."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"azurePolicyforWindowsMonitoringEffect":{"type":"String","metadata":{"displayName":"Guest - Configuration extension should be installed on Windows virtual machines","description":"Enable + Configuration extension should be installed on virtual machines","description":"Enable or disable virtual machines reporting that the Guest Configuration extension - for Windows should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual - Machines with Guest Configuration extension should have system assigned managed - identities","description":"Enable or disable virtual machines with no system - assigned managed identity reporting that the Guest Configuration extension - is installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + should be installed"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"gcExtOnVMWithNoSAMIMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual + machines'' Guest Configuration extension should be deployed with system-assigned + managed identity","description":"Enable or disable Virtual machines'' Guest + Configuration extension should be deployed with system-assigned managed identity"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"windowsDefenderExploitGuardMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows Defender Exploit Guard should be enabled on your Windows virtual machines","description":"Enable or disable virtual machines reporting that Windows Defender Exploit Guard is enabled"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System @@ -6665,7 +10510,7 @@ interactions: NSG rules monitoring."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable or disable the detection of virtual machine vulnerabilities by Azure Security Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit @@ -6695,74 +10540,74 @@ interactions: servers should be configured with auditing retention days greater than 90 days","description":"Enable or disable the monitoring of SQL servers with auditing retention period less than 90","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure App Services","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs in Azure App Services","description":"Enable or disable the + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in App Services should be enabled","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation + monitoring of resource logs in Azure App Services","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation account variables should be encrypted","description":"Enable or disable the - monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + monitoring of automation account encryption"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric + resource logs retention period in days"},"defaultValue":"1"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric alert rules should be configured on Batch accounts","description":"Enable or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual machines should be migrated to new Azure Resource Manager resources","description":"Enable or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage accounts should be migrated to new Azure Resource Manager resources","description":"Enable - or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Data Lake Analytics should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Analytics accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Data Lake Store should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + required resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Key Vault should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Key Vault vaults","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Logic Apps should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Logic Apps workflows","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only + resource logs retention period in days"},"defaultValue":"1"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service + resource logs retention period in days"},"defaultValue":"1"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should only use Azure Active Directory for client authentication","description":"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","description":"Enable - or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Service Bus should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Service Bus","description":"The required diagnostic - logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All + monitoring of resource logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required + retention (in days) of logs in Service Bus","description":"The required resource + logs retention period in days"},"defaultValue":"1"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace","description":"Enable or disable the monitoring of Service Bus namespace authorization rules","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Secure transfer to storage accounts should be enabled","description":"Enable or disable - the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Azure Stream Analytics should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required + disable the monitoring of resource logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Stream Analytics","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit + resource logs retention period in days"},"defaultValue":"1"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit usage of custom RBAC rules","description":"Enable or disable the monitoring of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit unrestricted network access to storage accounts","description":"Enable or - disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring of network access to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace","description":"Enable or disable the monitoring of access rules in Event Hub namespaces","deprecated":true},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Authorization @@ -6770,7 +10615,12 @@ interactions: disable the monitoring of access rules in Event Hubs","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverSqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities + on your SQL servers on machine should be remediated","description":"SQL Vulnerability + assessment scans your database for security vulnerabilities, and exposes any + deviations from best practices such as misconfigurations, excessive permissions, + and unprotected sensitive data. Resolving the vulnerabilities found can greatly + improve your database security posture."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive data in your SQL databases should be classified","description":"Enable or disable the monitoring of sensitive data classification in databases."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"A maximum of 3 owners should be designated for your subscription","description":"Enable @@ -6873,11 +10723,11 @@ interactions: use latest Python in Web App","description":"Enable or disable the monitoring of Python version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vnetEnableDDoSProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure DDoS Protection Standard should be enabled","description":"Enable or disable - the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + the monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in IoT Hub should be enabled","description":"Enable or disable the monitoring - of diagnostic logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + of resource logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in IoT Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced + resource logs retention period in days"},"defaultValue":"1"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on your SQL servers","description":"Enable or disable the monitoring of SQL servers without Advanced Data Security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced data security should be enabled on SQL Managed Instance","description":"Enable @@ -6930,7 +10780,7 @@ interactions: Security settings","description":"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management ports should be closed on your virtual machines","description":"Enable or @@ -7129,8 +10979,8 @@ interactions: region failure. Configuring geo-redundant storage for backup is only allowed during server create."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest TLS version should be used in your API App","description":"Upgrade to the - latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic - logs in App Services should be enabled","description":"Audit enabling of diagnostic + latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource + logs in App Services should be enabled","description":"Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"Managed identity should be used in your API App","description":"Use a managed identity @@ -7224,7 +11074,283 @@ interactions: should be required in your Web App","description":"Enable FTPS enforcement for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS only should be required in your API App","description":"Enable FTPS enforcement - for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}}},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}}},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}}},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}}},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}}},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}}},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}}},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: + for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Function + apps should have ''Client Certificates (Incoming client certificates)'' enabled","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients with valid certificates will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption with a customer-managed key","description":"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should use customer-managed keys to encrypt data at rest","description":"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/cosmosdb-cmk."},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have purge protection enabled","description":"Malicious deletion + of a key vault can lead to permanent data loss. A malicious insider in your + organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Key + vaults should have soft delete enabled","description":"Deleting a key vault + without soft delete enabled permanently deletes all secrets, keys, and certificates + stored in the key vault. Accidental deletion of a key vault can lead to permanent + data loss. Soft delete allows you to recover an accidentally deleted key vault + for a configurable retention period."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cache for Redis should reside within a virtual network","description":"Azure + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should use customer-managed key for encryption","description":"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + accounts should restrict network access using virtual network rules","description":"Protect + your storage accounts from potential threats using virtual network rules as + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should be encrypted with a customer-managed key","description":"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/acr/CMK."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should not allow unrestricted network access","description":"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn''t have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"containerRegistriesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Container + registries should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network.By mapping + private endpoints to your container registries instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/acr/private-link."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"appConfigurationShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"App + Configuration should use private link","description":"Azure Private Link lets + you connect your virtual network to Azure services without a public IP address + at the source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your app configuration instances instead of the entire + service, you''ll also be protected against data leakage risks. Learn more + at: https://aka.ms/appconfig/private-endpoint."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid domains should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network.By + mapping private endpoints to your Event Grid domains instead of the entire + service, you''ll also be protected against data leakage risks.Learn more at: + https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Event Grid topics should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your topics instead of the entire service, + you''ll also be protected against data leakage risks. Learn more at: https://aka.ms/privateendpoints."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + SignalR Service should use private link","description":"Azure Private Link + lets you connect your virtual network to Azure services without a public IP + address at the source or destination. The private link platform handles the + connectivity between the consumer and services over the Azure backbone network. + By mapping private endpoints to your SignalR resources instead of the entire + service, you''ll also be protected against data leakage risks .Learn more + at: https://aka.ms/asrs/privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should be encrypted with a customer-managed key","description":"Manage + encryption at rest of your Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed key encryption at https://aka.ms/azureml-workspaces-cmk."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Machine Learning workspaces should use private link","description":"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you''ll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Azure Front Door Service + service","description":"Deploy Azure Web Application Firewall (WAF) in front + of public facing web applications for additional inspection of incoming traffic. + Web Application Firewall (WAF) provides centralized protection of your web + applications from common exploits and vulnerabilities such as SQL injections, + Cross-Site Scripting, local and remote file executions. You can also restrict + access to your web applications by countries, IP address ranges, and other + http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect":{"type":"String","metadata":{"displayName":"Web + Application Firewall (WAF) should be enabled for Application Gateway","description":"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MariaDB servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MariaDB can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for MySQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for MySQL can only be accessed from a private endpoint. This configuration + strictly disables access from any public address space outside of Azure IP + range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for MySQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for PostgreSQL servers","description":"Disable + the public network access property to improve security and ensure your Azure + Database for PostgreSQL can only be accessed from a private endpoint. This + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect":{"type":"String","metadata":{"displayName":"Bring + your own key data protection should be enabled for PostgreSQL servers","description":"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect":{"type":"String","metadata":{"displayName":"VM + Image Builder templates should use private link","description":"Audit VM Image + Builder templates that do not have a virtual network configured. When a virtual + network is not configured, a public IP is created and used instead which may + directly expose resources to the internet and increase the potential attack + surface."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"firewallShouldBeEnabledOnKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Firewall + should be enabled on Key Vault","description":"Key vault''s firewall prevents + unauthorized traffic from reaching your key vault and provides an additional + layer of protection for your secrets. Enable the firewall to make sure that + only traffic from allowed networks can access your key vault."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint should be configured for Key Vault","description":"Private link provides + a way to connect Key Vault to your Azure resources without sending traffic + over the public internet. Private link provides defense in depth protection + against data exfiltration."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Spring Cloud should use network injection","description":"Azure Spring Cloud + instances should use virtual network injection for the following purposes: + 1. Isolate Azure Spring Cloud from Internet. 2. Enable Azure Spring Cloud + to interact with systems in either on premises data centers or Azure service + in other virtual networks. 3. Empower customers to control inbound and outbound + network communications for Azure Spring Cloud."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect":{"type":"String","metadata":{"displayName":"Subscriptions + should have a contact email address for security issues","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Auto + provisioning of the Log Analytics agent should be enabled on your subscription","description":"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification for high severity alerts should be enabled","description":"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Email + notification to subscription owner for high severity alerts should be enabled","description":"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage + account should use a private link connection","description":"Private links + enforce secure communication, by providing private connectivity to the storage + account"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect":{"type":"String","metadata":{"displayName":"Authentication + to Linux machines should require SSH keys","description":"Although SSH itself + provides an encrypted connection, using passwords with SSH still leaves the + VM vulnerable to brute-force attacks. The most secure option for authenticating + to an Azure Linux virtual machine over SSH is with a public-private key pair, + also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Private + endpoint connections on Azure SQL Database should be enabled","description":"Private + endpoint connections enforce secure communication by enabling private connectivity + to Azure SQL Database."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access on Azure SQL Database should be disabled","description":"Disabling + the public network access property improves security by ensuring your Azure + SQL Database can only be accessed from a private endpoint. This configuration + denies all logins that match IP or virtual network based firewall rules."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect":{"type":"String","metadata":{"displayName":"Ensure + API app has Client Certificates Incoming client certificates set to On","description":"Client + certificates allow for the app to request a certificate for incoming requests. + Only clients that have a valid certificate will be able to reach the app."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect":{"type":"String","metadata":{"displayName":"Kubernetes + clusters should be accessible only over HTTPS","description":"Use of HTTPS + ensures authentication and protects data in transit from network layer eavesdropping + attacks. This capability is currently generally available for Kubernetes Service + (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For + more info, visit https://aka.ms/kubepolicydoc"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + exclusions","description":"List of Kubernetes namespaces to exclude from policy + evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces":{"type":"Array","metadata":{"displayName":"Namespace + inclusions","description":"List of Kubernetes namespaces to only include in + policy evaluation. An empty list means the policy is applied to all resources + in all namespaces."},"defaultValue":[]},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect":{"type":"String","metadata":{"displayName":"Windows + web servers should be configured to use secure communication protocols","description":"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines":{"type":"String","metadata":{"displayName":"Include + Arc connected servers","description":"By selecting this option, you agree + to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum + TLS version","description":"The minimum TLS protocol version that should be + enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"},"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should restrict network access","description":"Network access + to Cognitive Services accounts should be restricted. Configure network rules + so only applications from allowed networks can access the Cognitive Services + account. To allow connections from specific internet or on-premises clients, + access can be granted to traffic from specific Azure virtual networks or to + public internet IP address ranges."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should use customer owned storage or enable data encryption","description":"This + policy audits any Cognitive Services account not using customer owned storage + nor data encryption. For each Cognitive Services account with storage, use + either customer owned storage or enable data encryption."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Public + network access should be disabled for Cognitive Services accounts","description":"This + policy audits any Cognitive Services account in your environment with public + network access enabled. Public network access should be disabled so that only + connections from private endpoints are allowed."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Cognitive + Services accounts should enable data encryption","description":"This policy + audits any Cognitive Services account not using data encryption. For each + Cognitive Services account with storage, should enable data encryption with + either customer managed or Microsoft managed key."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect":{"type":"String","metadata":{"displayName":"API + Management services should use a virtual network","description":"Azure Virtual + Network deployment provides enhanced security, isolation and allows you to + place your API Management service in a non-internet routable network that + you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames":{"type":"Array","metadata":{"displayName":"API + Management SKU Names","description":"List of API Management SKUs against which + this policy will be evaluated."},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Azure + Cosmos DB accounts should have firewall rules","description":"Firewall rules + should be defined on your Azure Cosmos DB accounts to prevent traffic from + unauthorized sources. Accounts that have at least one IP rule defined with + the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant."},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"networkWatcherShouldBeEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Network + Watcher should be enabled","description":"Network Watcher is a regional service + that enables you to monitor and diagnose conditions at a network scenario + level in, to, and from Azure. Scenario level monitoring enables you to diagnose + problems at an end to end network level view. Network diagnostic and visualization + tools available with Network Watcher help you understand, diagnose, and gain + insights to your network in Azure."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkWatcherShouldBeEnabledListOfLocations":{"type":"Array","metadata":{"displayName":"List + of regions where Network Watcher should be enabled","description":"To see + a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"networkWatcherShouldBeEnabledResourceGroupName":{"type":"String","metadata":{"displayName":"Name + of the resource group for Network Watcher","description":"Name of the resource + group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"}},"policyDefinitions":[{"policyDefinitionReferenceId":"useServicePrincipalToProtectSubscriptionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''useServicePrincipalToProtectSubscriptionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"updateOsVersionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a913c68-0590-402c-a531-e57e19379da3","parameters":{"effect":{"value":"[parameters(''updateOsVersionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"resolveLogAnalyticsHealthIssuesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''resolveLogAnalyticsHealthIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"installLogAnalyticsAgentOnVmssMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''installLogAnalyticsAgentOnVmssMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"certificatesValidityPeriodMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","parameters":{"effect":{"value":"[parameters(''certificatesValidityPeriodMonitoringEffect'')]"},"maximumValidityInMonths":{"value":"[parameters(''certificatesValidityPeriodInMonths'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"secretsExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''secretsExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"keysExpirationSet","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''keysExpirationSetEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-5","Azure_Security_Benchmark_v2.0_IM-7"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"gcExtOnVMMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''azurePolicyforWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"gcExtOnVMWithNoSAMIMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''gcExtOnVMWithNoSAMIMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"windowsDefenderExploitGuardMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"effect":{"value":"[parameters(''windowsDefenderExploitGuardMonitoringEffect'')]"},"NotAvailableMachineState":{"value":"Compliant"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsUpdateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsUpdateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnInternalVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"serverSqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d","parameters":{"effect":{"value":"[parameters(''serverSqlDbVulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"AzureFirewallEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''AzureFirewallEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"ArcWindowsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''ArcWindowsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"ArcLinuxMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''ArcLinuxMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"keyVaultsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''keyVaultsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''sqlServersAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"storageAccountsAdvancedDataSecurityMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''storageAccountsAdvancedDataSecurityMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"appServicesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''appServicesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"containerRegistryAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''containerRegistryAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"kubernetesServiceAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"virtualMachinesAdvancedThreatProtectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''virtualMachinesAdvancedThreatProtectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azurePolicyAddonStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''azurePolicyAddonStatusEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"effect":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterEffect'')]"},"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesInKubernetesClusterRegex'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerImagesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"privilegedContainersShouldBeAvoided","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''privilegedContainersShouldBeAvoidedEffect'')]"},"excludedNamespaces":{"value":"[parameters(''privilegedContainerNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedContainerPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"effect":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterEffect'')]"},"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedContainerPortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"allowedServicePortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"effect":{"value":"[parameters(''allowedServicePortsInKubernetesClusterEffect'')]"},"allowedServicePortsList":{"value":"[parameters(''allowedservicePortsInKubernetesClusterPorts'')]"},"excludedNamespaces":{"value":"[parameters(''allowedServicePortsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"memoryAndCPULimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"effect":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterEffect'')]"},"cpuLimit":{"value":"[parameters(''CPUInKubernetesClusterLimit'')]"},"memoryLimit":{"value":"[parameters(''memoryInKubernetesClusterLimit'')]"},"excludedNamespaces":{"value":"[parameters(''memoryAndCPULimitsInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"MustRunAsNonRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''MustRunAsNonRootNamespaceEffect'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"excludedNamespaces":{"value":"[parameters(''MustRunAsNonRootNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"containerRegistryVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''containerRegistryVulnerabilityAssessmentEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"NoPrivilegeEscalationInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoPrivilegeEscalationInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"NoSharingSensitiveHostNamespacesInKubernetes","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesEffect'')]"},"excludedNamespaces":{"value":"[parameters(''NoSharingSensitiveHostNamespacesInKubernetesNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ReadOnlyRootFileSystemInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''ReadOnlyRootFileSystemInKubernetesClusterNamespaceExclusion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedCapabilitiesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterNamespaceExclusion'')]"},"allowedCapabilities":{"value":"[parameters(''AllowedCapabilitiesInKubernetesClusterList'')]"},"requiredDropCapabilities":{"value":"[parameters(''DropCapabilitiesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedAppArmorProfilesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterNamespaceExclusion'')]"},"allowedProfiles":{"value":"[parameters(''AllowedAppArmorProfilesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostNetworkingAndPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostNetworkingAndPortsInKubernetesClusterNamespaceExclusion'')]"},"allowHostNetwork":{"value":"[parameters(''AllowHostNetworkingInKubernetesCluster'')]"},"minPort":{"value":"[parameters(''AllowedHostMinPortInKubernetesCluster'')]"},"maxPort":{"value":"[parameters(''AllowedHostMaxPortInKubernetesCluster'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"AllowedHostPathVolumesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterEffect'')]"},"excludedNamespaces":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterNamespaceExclusion'')]"},"allowedHostPaths":{"value":"[parameters(''AllowedHostPathVolumesInKubernetesClusterList'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"StorageDisallowPublicAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''disallowPublicBlobAccessEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''azureBackupShouldBeEnabledForVirtualMachinesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMariadbMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForPostgresqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''georedundantBackupShouldBeEnabledForAzureDatabaseForMysqlMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''managedIdentityShouldBeUsedInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''latestTLSVersionShouldBeUsedInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheApiAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForPostgresqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMariadbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeEnabledForMysqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sQLServersShouldBeConfiguredWithAuditingRetentionDaysGreaterThan90DaysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-6"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourFunctionAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''fTPSShouldBeRequiredInYourWebAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''fTPSOnlyShouldBeRequiredInYourAPIAppMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''functionAppsShouldHaveClientCertificatesEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''azureCosmosDbAccountsShouldUseCustomerManagedKeysToEncryptDataAtRestMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHavePurgeProtectionEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''keyVaultsShouldHaveSoftDeleteEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''azureCacheForRedisShouldResideWithinAVirtualNetworkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldNotAllowUnrestrictedNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''containerRegistriesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''appConfigurationShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''azureEventGridDomainsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''azureEventGridTopicsShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalRServiceShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''azureSignalRServiceShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''azureMachineLearningWorkspacesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForAzureFrontDoorServiceServiceMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMariaDbServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForMySqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''bringYourOwnKeyDataProtectionShouldBeEnabledForPostgreSqlServersMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''vmImageBuilderTemplatesShouldUsePrivateLinkMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''firewallShouldBeEnabledOnKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''privateEndpointShouldBeConfiguredForKeyVaultMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''azureSpringCloudShouldUseNetworkInjectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''subscriptionsShouldHaveAContactEmailAddressForSecurityIssuesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''storageAccountShouldUseAPrivateLinkConnectionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6","parameters":{"effect":{"value":"[parameters(''authenticationToLinuxMachinesShouldRequireSSHKeysMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{"effect":{"value":"[parameters(''privateEndpointConnectionsOnAzureSQLDatabaseShouldBeEnabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessOnAzureSQLDatabaseShouldBeDisabledMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOnMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSMonitoringEffect'')]"},"excludedNamespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSExcludedNamespaces'')]"},"namespaces":{"value":"[parameters(''kubernetesClustersShouldBeAccessibleOnlyOverHTTPSNamespaces'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"effect":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMonitoringEffect'')]"},"IncludeArcMachines":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsIncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''windowsWebServersShouldBeConfiguredToUseSecureCommunicationProtocolsMinimumTLSVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldRestrictNetworkAccessMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''publicNetworkAccessShouldBeDisabledForCognitiveServicesAccountsMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''cognitiveServicesAccountsShouldEnableDataEncryptionMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkMonitoringEffect'')]"},"evaluatedSkuNames":{"value":"[parameters(''aPIManagementServicesShouldUseAVirtualNetworkEvaluatedSkuNames'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''azureCosmosDBAccountsShouldHaveFirewallRulesMonitoringEffect'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabledMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"effect":{"value":"[parameters(''networkWatcherShouldBeEnabledMonitoringEffect'')]"},"listOfLocations":{"value":"[parameters(''networkWatcherShouldBeEnabledListOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''networkWatcherShouldBeEnabledResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information @@ -7239,7 +11365,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more - information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + information, visit https://aka.ms/AustralianGovernmentISM-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -7273,7 +11399,7 @@ interactions: An Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Only secure connections to your Redis Cache should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + or disable the monitoring of resource logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Endpoint protection solution should be installed on virtual machine scale sets","description":"Enable or disable the monitoring of virtual machine scale sets endpoint protection monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToIncludeWindows":{"type":"Array","metadata":{"displayName":"[Preview]: @@ -7305,10 +11431,10 @@ interactions: or disable the monitoring of the use of HTTPS in Function App v2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"logProfilesForActivityLogEffect":{"type":"String","metadata":{"displayName":"[Preview]: Azure subscriptions should have a log profile for Activity Log","description":"Enable or disable the monitoring of a log profile for Activity Log in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"}},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: System updates should be installed on your machines","description":"Enable or disable the monitoring of system updates reporting"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Latest TLS version should be used for App Service","description":"Enable or @@ -7385,28 +11511,28 @@ interactions: or disable the monitoring of the latest TLS version in Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentEmailSettingForReceivingScanReports","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''auditUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logAnalyticsOSImageVMSSAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToIncludeWindows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToIncludeLinux'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"logProfilesForActivityLog","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''logProfilesForActivityLogEffect'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"anitmalwareRequiredForWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''anitmalwareRequiredForWindowsServersEffect'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"minimumTLSVersion":{"value":"[parameters(''minimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"AzureBaselineSecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"enforcePasswordHistory":{"value":"[parameters(''enforcePasswordHistory'')]"},"maximumPasswordAge":{"value":"[parameters(''maximumPasswordAge'')]"},"minimumPasswordAge":{"value":"[parameters(''minimumPasswordAge'')]"},"minimumPasswordLength":{"value":"[parameters(''minimumPasswordLength'')]"},"passwordMustMeetComplexityRequirements":{"value":"[parameters(''passwordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077","type":"Microsoft.Authorization/policySetDefinitions","name":"27272c0b-c225-4cc3-b8b0-f2534b093077"},{"properties":{"displayName":"UK OFFICIAL and UK NHS","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-blueprint - and https://aka.ms/uknhs-blueprint.","metadata":{"version":"4.0.0","category":"Regulatory + and https://aka.ms/uknhs-blueprint.","metadata":{"version":"6.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["UK_NCSC_CSP_9.1","UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["UK_NCSC_CSP_2.3"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["UK_NCSC_CSP_5.3","UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["UK_NCSC_CSP_10"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2","UK_NCSC_CSP_13"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["UK_NCSC_CSP_5.2"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["UK_NCSC_CSP_5.3"]},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["UK_NCSC_CSP_11"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["UK_NCSC_CSP_1"]},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["UK_NCSC_CSP_1"]}],"policyDefinitionGroups":[{"name":"UK_NCSC_CSP_1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_1"},{"name":"UK_NCSC_CSP_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.1"},{"name":"UK_NCSC_CSP_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.2"},{"name":"UK_NCSC_CSP_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.3"},{"name":"UK_NCSC_CSP_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.4"},{"name":"UK_NCSC_CSP_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.5"},{"name":"UK_NCSC_CSP_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_2.6"},{"name":"UK_NCSC_CSP_3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_3"},{"name":"UK_NCSC_CSP_4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_4"},{"name":"UK_NCSC_CSP_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.1"},{"name":"UK_NCSC_CSP_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.2"},{"name":"UK_NCSC_CSP_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.3"},{"name":"UK_NCSC_CSP_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_5.4"},{"name":"UK_NCSC_CSP_6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_6"},{"name":"UK_NCSC_CSP_7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_7"},{"name":"UK_NCSC_CSP_8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_8"},{"name":"UK_NCSC_CSP_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.1"},{"name":"UK_NCSC_CSP_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_9.2"},{"name":"UK_NCSC_CSP_10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_10"},{"name":"UK_NCSC_CSP_11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_11"},{"name":"UK_NCSC_CSP_12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_12"},{"name":"UK_NCSC_CSP_13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_13"},{"name":"UK_NCSC_CSP_14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/UK_NCSC_CSP_14"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]: SWIFT CSP-CSCF v2020","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added - in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.","metadata":{"version":"3.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"[Preview]: Connected workspace IDs","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: Members to include","description":"A semicolon-separated list of members that @@ -7418,44 +11544,45 @@ interactions: initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.1.1-deprecated","category":"Guest - Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]: - Azure Security Benchmark","policyType":"BuiltIn","description":"This initiative - includes audit and virtual machine extension deployment policies that address - a subset of Azure Security Benchmark recommendations. Additional policies - will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.","metadata":{"version":"6.1.0-preview","preview":true,"category":"Regulatory - Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Configuration","deprecated":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v1","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark initiative now represents + the Azure Security Benchmark v2 controls, and serves as the Azure Security + Center default policy initiative. Please assign that initiative, or manage + its policies and compliance results within Azure Security Center.","metadata":{"version":"7.0.2-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc - connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users excluded from Windows VM Administrators group","description":"A semicolon-separated list of members that should be excluded in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfOnlyMembersInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"[Deprecated]: List of users that Windows VM Administrators group must *only* include","description":"A semicolon-separated list of all the expected members of the Administrators - local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: + local group. Ex: Administrator; myUser1; myUser2"}},"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To - see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Preview]: + see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","germanynorth","germanywestcentral","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","norwayeast","norwaywest","southafricanorth","southafricawest","southcentralus","southeastasia","southindia","switzerlandnorth","switzerlandwest","uaecentral","uaenorth","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]},"NetworkWatcherResourceGroupName":{"type":"String","metadata":{"displayName":"[Deprecated]: NetworkWatcher resource group name","description":"Name of the resource group - of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Preview]: - Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Preview]: + of NetworkWatcher, such as NetworkWatcherRG"},"defaultValue":"NetworkWatcherRG"},"approvedVirtualNetworkForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: + Virtual network where VMs should be connected","description":"Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name","strongType":"Microsoft.Network/virtualNetworks"}},"approvedNetworkGatewayforVirtualNetworks":{"type":"String","metadata":{"displayName":"[Deprecated]: Network gateway that virtual networks should use","description":"Example: - /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Preview]: + /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name","strongType":"Microsoft.Network/virtualNetworkGateways"}},"listOfWorkspaceIDsForLogAnalyticsAgent":{"type":"String","metadata":{"displayName":"[Deprecated]: List of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent - should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Preview]: - List of resource types that should have diagnostic logs enabled","description":"Audit - diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: - Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + should be connected to"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled","description":"Audit + diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Java version","description":"Latest supported Java version for App - Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Services"},"defaultValue":"11"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Windows Python version","description":"Latest supported Python version - for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + for App Services","deprecated":true},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: Latest Linux Python version","description":"Latest supported Python version - for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"760a85ff-6162-42b3-8d70-698e268f648c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b4d66858-c922-44e3-9566-5cdb7a7be744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes + for App Services"},"defaultValue":"3.8"}},"policyDefinitions":[{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.11","Azure_Security_Benchmark_v1.0_9.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"22730e10-96f6-4aac-ad84-9383d35b5917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"235359c5-7c52-4b82-9055-01c75cf9f60e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"37e0d2fe-28a5-43d6-a273-67d37d1f5606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.9"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_4.9"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_6.8","Azure_Security_Benchmark_v1.0_6.10"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_10.4"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.8"]},{"policyDefinitionReferenceId":"6265018c-d7e2-432f-a75d-094d5f6f4465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WorkspaceId":{"value":"[parameters(''listOfWorkspaceIDsForLogAnalyticsAgent'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"caf2d518-f029-4f6b-833b-d7081702f253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"67e010c1-640d-438e-a3a5-feaccb533a98","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.7","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.6"]},{"policyDefinitionReferenceId":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.1"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.9"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.2","Azure_Security_Benchmark_v1.0_1.5"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"Members":{"value":"[parameters(''listOfOnlyMembersInWindowsVMAdministratorsGroup'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_3.3"]},{"policyDefinitionReferenceId":"bd352bd5-2853-4985-bf0d-73806b4a5744","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.2"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.8","Azure_Security_Benchmark_v1.0_8.3"]},{"policyDefinitionReferenceId":"c4857be7-912a-4c75-87e6-e30292bcdf78","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_7.12"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.1","Azure_Security_Benchmark_v1.0_4.5"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_9.1","Azure_Security_Benchmark_v1.0_9.2"]},{"policyDefinitionReferenceId":"d416745a-506c-48b6-8ab1-83cb814bcaa3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"virtualNetworkId":{"value":"[parameters(''approvedVirtualNetworkForVMs'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"d63edb4a-c612-454d-b47d-191a724fcbf0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.5"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5","Azure_Security_Benchmark_v1.0_7.4","Azure_Security_Benchmark_v1.0_7.10"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.3"]},{"policyDefinitionReferenceId":"ea4d6841-2173-4317-9747-ff522a45120f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.1"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.2","Azure_Security_Benchmark_v1.0_2.4"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"f1776c76-f58c-4245-a8d0-2b207198dc8b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","parameters":{"virtualNetworkGatewayId":{"value":"[parameters(''approvedNetworkGatewayforVirtualNetworks'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_1.11"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_3.1","Azure_Security_Benchmark_v1.0_3.10"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_5.3"]},{"policyDefinitionReferenceId":"0564d078-92f5-4f97-8398-b9f58a51f70b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"0a1302fb-a631-4106-9753-f3d494733990","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"7595c971-233d-4bcf-bd18-596129188c49","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_1.1","Azure_Security_Benchmark_v1.0_1.4"]},{"policyDefinitionReferenceId":"7ff426e2-515f-405a-91c8-4f2333442eb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.3"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_2.5"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{},"groupNames":["Azure_Security_Benchmark_v1.0_4.4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v1.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"},{"name":"Azure_Security_Benchmark_v1.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"},{"name":"Azure_Security_Benchmark_v1.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"},{"name":"Azure_Security_Benchmark_v1.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"},{"name":"Azure_Security_Benchmark_v1.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"},{"name":"Azure_Security_Benchmark_v1.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"},{"name":"Azure_Security_Benchmark_v1.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"},{"name":"Azure_Security_Benchmark_v1.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"},{"name":"Azure_Security_Benchmark_v1.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"},{"name":"Azure_Security_Benchmark_v1.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"},{"name":"Azure_Security_Benchmark_v1.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"},{"name":"Azure_Security_Benchmark_v1.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"},{"name":"Azure_Security_Benchmark_v1.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"},{"name":"Azure_Security_Benchmark_v1.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"},{"name":"Azure_Security_Benchmark_v1.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"},{"name":"Azure_Security_Benchmark_v1.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"},{"name":"Azure_Security_Benchmark_v1.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"},{"name":"Azure_Security_Benchmark_v1.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"},{"name":"Azure_Security_Benchmark_v1.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"},{"name":"Azure_Security_Benchmark_v1.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"},{"name":"Azure_Security_Benchmark_v1.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"},{"name":"Azure_Security_Benchmark_v1.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"},{"name":"Azure_Security_Benchmark_v1.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"},{"name":"Azure_Security_Benchmark_v1.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"},{"name":"Azure_Security_Benchmark_v1.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"},{"name":"Azure_Security_Benchmark_v1.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"},{"name":"Azure_Security_Benchmark_v1.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"},{"name":"Azure_Security_Benchmark_v1.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"},{"name":"Azure_Security_Benchmark_v1.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"},{"name":"Azure_Security_Benchmark_v1.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"},{"name":"Azure_Security_Benchmark_v1.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"},{"name":"Azure_Security_Benchmark_v1.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"},{"name":"Azure_Security_Benchmark_v1.0_3.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"},{"name":"Azure_Security_Benchmark_v1.0_3.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"},{"name":"Azure_Security_Benchmark_v1.0_4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"},{"name":"Azure_Security_Benchmark_v1.0_4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"},{"name":"Azure_Security_Benchmark_v1.0_4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"},{"name":"Azure_Security_Benchmark_v1.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"},{"name":"Azure_Security_Benchmark_v1.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"},{"name":"Azure_Security_Benchmark_v1.0_4.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"},{"name":"Azure_Security_Benchmark_v1.0_4.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"},{"name":"Azure_Security_Benchmark_v1.0_4.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"},{"name":"Azure_Security_Benchmark_v1.0_4.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"},{"name":"Azure_Security_Benchmark_v1.0_5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"},{"name":"Azure_Security_Benchmark_v1.0_5.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"},{"name":"Azure_Security_Benchmark_v1.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"},{"name":"Azure_Security_Benchmark_v1.0_5.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"},{"name":"Azure_Security_Benchmark_v1.0_5.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"},{"name":"Azure_Security_Benchmark_v1.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"},{"name":"Azure_Security_Benchmark_v1.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"},{"name":"Azure_Security_Benchmark_v1.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"},{"name":"Azure_Security_Benchmark_v1.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"},{"name":"Azure_Security_Benchmark_v1.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"},{"name":"Azure_Security_Benchmark_v1.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"},{"name":"Azure_Security_Benchmark_v1.0_6.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"},{"name":"Azure_Security_Benchmark_v1.0_6.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"},{"name":"Azure_Security_Benchmark_v1.0_6.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"},{"name":"Azure_Security_Benchmark_v1.0_6.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"},{"name":"Azure_Security_Benchmark_v1.0_6.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"},{"name":"Azure_Security_Benchmark_v1.0_6.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"},{"name":"Azure_Security_Benchmark_v1.0_6.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"},{"name":"Azure_Security_Benchmark_v1.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"},{"name":"Azure_Security_Benchmark_v1.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"},{"name":"Azure_Security_Benchmark_v1.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"},{"name":"Azure_Security_Benchmark_v1.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"},{"name":"Azure_Security_Benchmark_v1.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"},{"name":"Azure_Security_Benchmark_v1.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"},{"name":"Azure_Security_Benchmark_v1.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"},{"name":"Azure_Security_Benchmark_v1.0_7.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"},{"name":"Azure_Security_Benchmark_v1.0_7.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"},{"name":"Azure_Security_Benchmark_v1.0_7.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"},{"name":"Azure_Security_Benchmark_v1.0_7.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"},{"name":"Azure_Security_Benchmark_v1.0_7.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"},{"name":"Azure_Security_Benchmark_v1.0_7.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"},{"name":"Azure_Security_Benchmark_v1.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"},{"name":"Azure_Security_Benchmark_v1.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"},{"name":"Azure_Security_Benchmark_v1.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"},{"name":"Azure_Security_Benchmark_v1.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"},{"name":"Azure_Security_Benchmark_v1.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"},{"name":"Azure_Security_Benchmark_v1.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"},{"name":"Azure_Security_Benchmark_v1.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"},{"name":"Azure_Security_Benchmark_v1.0_10.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"},{"name":"Azure_Security_Benchmark_v1.0_10.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"},{"name":"Azure_Security_Benchmark_v1.0_10.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"},{"name":"Azure_Security_Benchmark_v1.0_10.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"},{"name":"Azure_Security_Benchmark_v1.0_10.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"},{"name":"Azure_Security_Benchmark_v1.0_11.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"},{"name":"Azure_Security_Benchmark_v1.0_10.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92","type":"Microsoft.Authorization/policySetDefinitions","name":"42a694ed-f65e-42b2-aa9e-8052e9740a92"},{"properties":{"displayName":"Kubernetes cluster pod security restricted standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), @@ -7472,17 +11599,17 @@ interactions: v3.2.1:2018","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"2.0.0-preview","category":"Regulatory + releases. For more information, visit https://aka.ms/pciv321-init.","metadata":{"version":"3.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"Canada Federal PBMM","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint.","metadata":{"version":"5.0.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -7491,13 +11618,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["CSSS_IA-2(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["CSSS_AC-4"]},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["CSSS_AC-2"]},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["CSSS_AU-3","CSSS_AU-12","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["CSSS_SC-5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_AC-17(1)","CSSS_IA-5","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CSSS_AC-5","CSSS_AC-6","CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_IA-5"]},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_IA-5(1)"]},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["CSSS_SC-7"]},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["CSSS_SI-3","CSSS_SI-3(1)"]},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["CSSS_SI-2"]},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["CSSS_CM-7(5)","CSSS_CM-11"]},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["CSSS_SC-7(3)","CSSS_SC-7(4)"]},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["CSSS_RA-5","CSSS_SI-2"]},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["CSSS_RA-5"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["CSSS_SC-8(1)"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12"]},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["CSSS_AU-5","CSSS_AU-12","CSSS_RA-5","CSSS_SC-28","CSSS_SI-4"]},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["CSSS_SC-28"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["CSSS_AC-17(1)","CSSS_SC-7"]},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["CSSS_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CSSS_CP-7"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["CSSS_AC-5","CSSS_AC-6"]},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["CSSS_SC-8(1)"]}],"policyDefinitionGroups":[{"name":"CCCS_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-1"},{"name":"CSSS_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2"},{"name":"CCCS_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(1)"},{"name":"CCCS_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(2)"},{"name":"CCCS_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(3)"},{"name":"CCCS_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(4)"},{"name":"CCCS_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(5)"},{"name":"CSSS_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-2(7)"},{"name":"CCCS_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(9)"},{"name":"CCCS_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-2(10)"},{"name":"CCCS_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-3"},{"name":"CSSS_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-4"},{"name":"CCCS_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-4(21)"},{"name":"CSSS_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-5"},{"name":"CSSS_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-6"},{"name":"CCCS_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(1)"},{"name":"CCCS_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(2)"},{"name":"CCCS_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(5)"},{"name":"CCCS_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(9)"},{"name":"CCCS_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-6(10)"},{"name":"CCCS_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-7"},{"name":"CCCS_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-8"},{"name":"CCCS_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-10"},{"name":"CCCS_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11"},{"name":"CCCS_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-11(1)"},{"name":"CCCS_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-12"},{"name":"CCCS_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-14"},{"name":"CCCS_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17"},{"name":"CSSS_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AC-17(1)"},{"name":"CCCS_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(2)"},{"name":"CCCS_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(3)"},{"name":"CCCS_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(4)"},{"name":"CCCS_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(9)"},{"name":"CCCS_AC-17(100)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-17(100)"},{"name":"CCCS_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18"},{"name":"CCCS_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(1)"},{"name":"CCCS_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-18(4)"},{"name":"CCCS_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-19"},{"name":"CCCS_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20"},{"name":"CCCS_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(1)"},{"name":"CCCS_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-20(2)"},{"name":"CCCS_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-21"},{"name":"CCCS_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AC-22"},{"name":"CCCS_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-1"},{"name":"CCCS_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2"},{"name":"CCCS_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-2(2)"},{"name":"CCCS_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-3"},{"name":"CCCS_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AT-4"},{"name":"CCCS_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-1"},{"name":"CCCS_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2"},{"name":"CCCS_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-2(3)"},{"name":"CSSS_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-3"},{"name":"CCCS_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-3(1)"},{"name":"CSSS_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-5"},{"name":"CCCS_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6"},{"name":"CCCS_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(1)"},{"name":"CCCS_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-6(3)"},{"name":"CCCS_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7"},{"name":"CCCS_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-7(1)"},{"name":"CCCS_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8"},{"name":"CCCS_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-8(1)"},{"name":"CCCS_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9"},{"name":"CCCS_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(2)"},{"name":"CCCS_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-9(4)"},{"name":"CCCS_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_AU-11"},{"name":"CSSS_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_AU-12"},{"name":"CCCS_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-1"},{"name":"CCCS_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2"},{"name":"CCCS_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(1)"},{"name":"CCCS_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(2)"},{"name":"CCCS_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-2(3)"},{"name":"CCCS_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3"},{"name":"CCCS_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(3)"},{"name":"CCCS_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-3(5)"},{"name":"CCCS_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-5"},{"name":"CCCS_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-6"},{"name":"CCCS_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7"},{"name":"CCCS_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-7(1)"},{"name":"CCCS_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8"},{"name":"CCCS_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-8(1)"},{"name":"CCCS_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CA-9"},{"name":"CCCS_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-1"},{"name":"CCCS_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2"},{"name":"CCCS_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(1)"},{"name":"CCCS_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(2)"},{"name":"CCCS_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(3)"},{"name":"CCCS_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-2(7)"},{"name":"CCCS_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3"},{"name":"CCCS_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(4)"},{"name":"CCCS_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-3(6)"},{"name":"CCCS_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-4"},{"name":"CCCS_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5"},{"name":"CCCS_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(1)"},{"name":"CSSS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-7(5)"},{"name":"CCCS_CM-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-5(6)"},{"name":"CCCS_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6"},{"name":"CCCS_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(1)"},{"name":"CCCS_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-6(2)"},{"name":"CCCS_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7"},{"name":"CCCS_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(1)"},{"name":"CCCS_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-7(5)"},{"name":"CCCS_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8"},{"name":"CCCS_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(1)"},{"name":"CCCS_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(2)"},{"name":"CCCS_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(3)"},{"name":"CCCS_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-8(5)"},{"name":"CCCS_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-9"},{"name":"CCCS_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10"},{"name":"CCCS_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CM-10(1)"},{"name":"CSSS_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CM-11"},{"name":"CCCS_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-1"},{"name":"CCCS_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2"},{"name":"CCCS_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(1)"},{"name":"CCCS_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(2)"},{"name":"CCCS_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(3)"},{"name":"CCCS_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(4)"},{"name":"CCCS_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(5)"},{"name":"CCCS_CP-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(6)"},{"name":"CCCS_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-2(8)"},{"name":"CCCS_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-3"},{"name":"CCCS_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4"},{"name":"CCCS_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(1)"},{"name":"CCCS_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-4(2)"},{"name":"CCCS_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6"},{"name":"CCCS_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(1)"},{"name":"CCCS_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(2)"},{"name":"CCCS_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-6(3)"},{"name":"CSSS_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_CP-7"},{"name":"CCCS_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(1)"},{"name":"CCCS_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(2)"},{"name":"CCCS_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(3)"},{"name":"CCCS_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-7(4)"},{"name":"CCCS_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8"},{"name":"CCCS_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(1)"},{"name":"CCCS_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(2)"},{"name":"CCCS_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(3)"},{"name":"CCCS_CP-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-8(5)"},{"name":"CCCS_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9"},{"name":"CCCS_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(1)"},{"name":"CCCS_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(2)"},{"name":"CCCS_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(3)"},{"name":"CCCS_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(5)"},{"name":"CCCS_CP-9(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-9(7)"},{"name":"CCCS_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10"},{"name":"CCCS_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(2)"},{"name":"CCCS_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_CP-10(4)"},{"name":"CCCS_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-1"},{"name":"CCCS_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2"},{"name":"CSSS_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-2(1)"},{"name":"CCCS_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(3)"},{"name":"CCCS_IA-2(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(6)"},{"name":"CCCS_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(8)"},{"name":"CCCS_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-2(11)"},{"name":"CCCS_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-3"},{"name":"CCCS_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4"},{"name":"CCCS_IA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(2)"},{"name":"CCCS_IA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(3)"},{"name":"CCCS_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-4(4)"},{"name":"CSSS_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5"},{"name":"CSSS_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_IA-5(1)"},{"name":"CCCS_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(2)"},{"name":"CCCS_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(3)"},{"name":"CCCS_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(4)"},{"name":"CCCS_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(6)"},{"name":"CCCS_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(7)"},{"name":"CCCS_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(8)"},{"name":"CCCS_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-5(11)"},{"name":"CCCS_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-6"},{"name":"CCCS_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-7"},{"name":"CCCS_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IA-8"},{"name":"CCCS_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-1"},{"name":"CCCS_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-2"},{"name":"CCCS_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3"},{"name":"CCCS_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-3(2)"},{"name":"CCCS_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4"},{"name":"CCCS_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(1)"},{"name":"CCCS_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-4(3)"},{"name":"CCCS_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-5"},{"name":"CCCS_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6"},{"name":"CCCS_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-6(1)"},{"name":"CCCS_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7"},{"name":"CCCS_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(1)"},{"name":"CCCS_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-7(2)"},{"name":"CCCS_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-8"},{"name":"CCCS_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9"},{"name":"CCCS_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(1)"},{"name":"CCCS_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(2)"},{"name":"CCCS_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(3)"},{"name":"CCCS_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_IR-9(4)"},{"name":"CCCS_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-1"},{"name":"CCCS_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-2"},{"name":"CCCS_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3"},{"name":"CCCS_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(1)"},{"name":"CCCS_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(2)"},{"name":"CCCS_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-3(3)"},{"name":"CCCS_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4"},{"name":"CCCS_MA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(1)"},{"name":"CCCS_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(2)"},{"name":"CCCS_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(3)"},{"name":"CCCS_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-4(6)"},{"name":"CCCS_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5"},{"name":"CCCS_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-5(1)"},{"name":"CCCS_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MA-6"},{"name":"CCCS_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-1"},{"name":"CCCS_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-2"},{"name":"CCCS_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-3"},{"name":"CCCS_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-4"},{"name":"CCCS_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5"},{"name":"CCCS_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-5(4)"},{"name":"CCCS_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6"},{"name":"CCCS_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(1)"},{"name":"CCCS_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(2)"},{"name":"CCCS_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-6(3)"},{"name":"CCCS_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7"},{"name":"CCCS_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-7(1)"},{"name":"CCCS_MP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8"},{"name":"CCCS_MP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_MP-8(1)"},{"name":"CCCS_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-1"},{"name":"CCCS_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-2"},{"name":"CCCS_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3"},{"name":"CCCS_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-3(1)"},{"name":"CCCS_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-4"},{"name":"CCCS_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-5"},{"name":"CCCS_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6"},{"name":"CCCS_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(1)"},{"name":"CCCS_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-6(4)"},{"name":"CCCS_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-8"},{"name":"CCCS_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-9"},{"name":"CCCS_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-10"},{"name":"CCCS_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-11"},{"name":"CCCS_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-12"},{"name":"CCCS_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13"},{"name":"CCCS_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(2)"},{"name":"CCCS_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-13(3)"},{"name":"CCCS_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14"},{"name":"CCCS_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-14(2)"},{"name":"CCCS_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-15"},{"name":"CCCS_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-16"},{"name":"CCCS_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PE-17"},{"name":"CCCS_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-1"},{"name":"CCCS_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2"},{"name":"CCCS_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-2(3)"},{"name":"CCCS_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4"},{"name":"CCCS_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-4(1)"},{"name":"CCCS_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PL-8"},{"name":"CCCS_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-1"},{"name":"CCCS_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-2"},{"name":"CCCS_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3"},{"name":"CCCS_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-3(3)"},{"name":"CCCS_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-4"},{"name":"CCCS_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-5"},{"name":"CCCS_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-6"},{"name":"CCCS_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-7"},{"name":"CCCS_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_PS-8"},{"name":"CCCS_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-1"},{"name":"CCCS_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-2"},{"name":"CCCS_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-3"},{"name":"CSSS_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_RA-5"},{"name":"CCCS_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(1)"},{"name":"CCCS_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(2)"},{"name":"CCCS_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(3)"},{"name":"CCCS_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(5)"},{"name":"CCCS_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(6)"},{"name":"CCCS_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_RA-5(8)"},{"name":"CCCS_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-1"},{"name":"CCCS_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-2"},{"name":"CCCS_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-3"},{"name":"CCCS_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4"},{"name":"CCCS_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(1)"},{"name":"CCCS_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(2)"},{"name":"CCCS_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(8)"},{"name":"CCCS_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-4(9)"},{"name":"CCCS_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-5"},{"name":"CCCS_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-8"},{"name":"CCCS_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9"},{"name":"CCCS_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(1)"},{"name":"CCCS_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(2)"},{"name":"CCCS_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(4)"},{"name":"CCCS_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-9(5)"},{"name":"CCCS_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10"},{"name":"CCCS_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-10(1)"},{"name":"CCCS_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11"},{"name":"CCCS_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(1)"},{"name":"CCCS_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(2)"},{"name":"CCCS_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-11(8)"},{"name":"CCCS_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SA-15"},{"name":"CCCS_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-1"},{"name":"CCCS_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-2"},{"name":"CCCS_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-4"},{"name":"CSSS_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-5"},{"name":"CCCS_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-6"},{"name":"CSSS_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7"},{"name":"CSSS_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(3)"},{"name":"CSSS_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-7(4)"},{"name":"CCCS_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(5)"},{"name":"CCCS_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(7)"},{"name":"CCCS_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(8)"},{"name":"CCCS_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(12)"},{"name":"CCCS_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(13)"},{"name":"CCCS_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-7(18)"},{"name":"CCCS_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-8"},{"name":"CSSS_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-8(1)"},{"name":"CCCS_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-10"},{"name":"CCCS_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12"},{"name":"CCCS_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(1)"},{"name":"CCCS_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(2)"},{"name":"CCCS_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-12(3)"},{"name":"CCCS_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-13"},{"name":"CCCS_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-15"},{"name":"CCCS_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-17"},{"name":"CCCS_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18"},{"name":"CCCS_SC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(3)"},{"name":"CCCS_SC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-18(4)"},{"name":"CCCS_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-19"},{"name":"CCCS_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-20"},{"name":"CCCS_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-21"},{"name":"CCCS_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-22"},{"name":"CCCS_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23"},{"name":"CCCS_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-23(1)"},{"name":"CSSS_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SC-28"},{"name":"CCCS_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-28(1)"},{"name":"CCCS_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SC-39"},{"name":"CCCS_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-1"},{"name":"CSSS_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-2"},{"name":"CCCS_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(2)"},{"name":"CCCS_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-2(3)"},{"name":"CSSS_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3"},{"name":"CSSS_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-3(1)"},{"name":"CCCS_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(2)"},{"name":"CCCS_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-3(7)"},{"name":"CSSS_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CSSS_SI-4"},{"name":"CCCS_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(1)"},{"name":"CCCS_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(2)"},{"name":"CCCS_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(4)"},{"name":"CCCS_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(5)"},{"name":"CCCS_SI-4(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(7)"},{"name":"CCCS_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(11)"},{"name":"CCCS_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(14)"},{"name":"CCCS_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(16)"},{"name":"CCCS_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(20)"},{"name":"CCCS_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-4(23)"},{"name":"CCCS_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-5"},{"name":"CCCS_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-6"},{"name":"CCCS_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7"},{"name":"CCCS_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(1)"},{"name":"CCCS_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-7(7)"},{"name":"CCCS_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8"},{"name":"CCCS_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(1)"},{"name":"CCCS_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-8(2)"},{"name":"CCCS_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-10"},{"name":"CCCS_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-11"},{"name":"CCCS_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-12"},{"name":"CCCS_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CCCS_SI-16"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the remote host connection status does not match the specified one","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the remote @@ -7580,7 +11707,279 @@ interactions: List of VM images that have supported Windows OS to add to scope","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: List of VM images that have supported Linux OS to add to scope","description":"Example - value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Deprecated]: + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_HybridVM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43"},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + CIS Microsoft Azure Foundations Benchmark 1.3.0","policyType":"BuiltIn","description":"This + initiative includes policies that address a subset of CIS Microsoft Azure + Foundations Benchmark recommendations. Additional policies will be added in + upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.","metadata":{"version":"1.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auto provisioning of the Log Analytics agent should be + enabled on your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-89099bee-89e0-4b26-a5f4-165451757743":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should be configured with 90 days auditing + retention or higher.","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log checkpoints should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Log connections should be enabled for PostgreSQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disconnections should be logged for PostgreSQL database + servers.","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Connection throttling should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account containing the container with activity + logs must be encrypted with BYOK","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/write)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for resource logs","description":"For more + information about resource logs, visit https://aka.ms/resourcelogs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":[]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only approved VM extensions should be installed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432":{"type":"Array","metadata":{"displayName":"[Preview]: + List of virtual machine extensions that are approved for use","description":"A + semicolon-separated list of virtual machine extensions; to see a complete + list of extensions, use the Azure PowerShell command Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-98728c90-32c7-4049-8429-847dc0f4fe37":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secrets should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4ebc54a-46e1-481a-bee2-d4411e95d828":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your API app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your Function app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Authentication should be enabled on your web app","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CIS_Azure_1.3.0_1.1"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CIS_Azure_1.3.0_1.2"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.3"]},{"policyDefinitionReferenceId":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["CIS_Azure_1.3.0_1.21"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CIS_Azure_1.3.0_2.1"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CIS_Azure_1.3.0_2.2"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CIS_Azure_1.3.0_2.3"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CIS_Azure_1.3.0_2.4"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CIS_Azure_1.3.0_2.5"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CIS_Azure_1.3.0_2.6"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CIS_Azure_1.3.0_2.7"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CIS_Azure_1.3.0_2.8"]},{"policyDefinitionReferenceId":"475aae12-b88a-4572-8b36-9b712b2b3a17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["CIS_Azure_1.3.0_2.11"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CIS_Azure_1.3.0_2.13"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CIS_Azure_1.3.0_2.14"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CIS_Azure_1.3.0_3.1"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CIS_Azure_1.3.0_3.5","CIS_Azure_1.3.0_5.1.3"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["CIS_Azure_1.3.0_3.6"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CIS_Azure_1.3.0_3.7"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CIS_Azure_1.3.0_3.9"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.1"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.2"]},{"policyDefinitionReferenceId":"89099bee-89e0-4b26-a5f4-165451757743","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''effect-89099bee-89e0-4b26-a5f4-165451757743'')]"}},"groupNames":["CIS_Azure_1.3.0_4.1.3"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.1"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.2"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.2.4"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.1"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.2"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.3"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.4"]},{"policyDefinitionReferenceId":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{"effect":{"value":"[parameters(''effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.5"]},{"policyDefinitionReferenceId":"5345bb39-67dc-4960-a1bf-427e16b9a0bd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{"effect":{"value":"[parameters(''effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.3.6"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CIS_Azure_1.3.0_4.4"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CIS_Azure_1.3.0_4.5"]},{"policyDefinitionReferenceId":"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2","parameters":{"effect":{"value":"[parameters(''effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.4"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.1"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.2"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.3"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.4"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.5"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.6"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.7"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.8"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/write"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CIS_Azure_1.3.0_5.2.9"]},{"policyDefinitionReferenceId":"cf820ca0-f99e-4f3e-84fb-66e913812d21","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.1.5","CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"428256e6-1fac-4f48-a757-df34c2b3336d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"7c1b1214-f927-48bf-8882-84f0af6588b1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"057ef27e-665e-4328-8ea3-04b3122bd9fb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"c95c74d9-38fe-4f0d-af86-0c7d626a315c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"83a214f7-d01a-484b-91a9-ed54470c9a6a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"34f95f76-5386-4de7-b824-0d8478470c9d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"b4330a05-a843-4bc8-bf9a-cacce50c67f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"f9be5368-9bf5-4b84-9e0a-7850da98bb46","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["CIS_Azure_1.3.0_5.3"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.1"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CIS_Azure_1.3.0_6.2"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CIS_Azure_1.3.0_6.5"]},{"policyDefinitionReferenceId":"06a78e20-9358-41c9-923c-fb736d382a4d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["CIS_Azure_1.3.0_7.1"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CIS_Azure_1.3.0_7.2"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CIS_Azure_1.3.0_7.3"]},{"policyDefinitionReferenceId":"c0e996f8-39cf-4af9-9f45-83fbde810432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"effect":{"value":"[parameters(''effect-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"},"approvedExtensions":{"value":"[parameters(''approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432'')]"}},"groupNames":["CIS_Azure_1.3.0_7.4"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CIS_Azure_1.3.0_7.5"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CIS_Azure_1.3.0_7.6"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CIS_Azure_1.3.0_8.1"]},{"policyDefinitionReferenceId":"98728c90-32c7-4049-8429-847dc0f4fe37","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37","parameters":{"effect":{"value":"[parameters(''effect-98728c90-32c7-4049-8429-847dc0f4fe37'')]"}},"groupNames":["CIS_Azure_1.3.0_8.2"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CIS_Azure_1.3.0_8.4"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CIS_Azure_1.3.0_8.5"]},{"policyDefinitionReferenceId":"c4ebc54a-46e1-481a-bee2-d4411e95d828","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828","parameters":{"effect":{"value":"[parameters(''effect-c4ebc54a-46e1-481a-bee2-d4411e95d828'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8","parameters":{"effect":{"value":"[parameters(''effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"95bccee9-a7f8-4bec-9ee9-62c3473701fc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc","parameters":{"effect":{"value":"[parameters(''effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc'')]"}},"groupNames":["CIS_Azure_1.3.0_9.1"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CIS_Azure_1.3.0_9.2"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.3"]},{"policyDefinitionReferenceId":"0c192fe8-9cbb-4516-85b3-0ade8bd03886","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"eaebaea7-8013-4ceb-9d14-7eb32271373c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"5bb220d9-2698-4ee4-8404-b9c30c9df609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["CIS_Azure_1.3.0_9.4"]},{"policyDefinitionReferenceId":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"2b9ad585-36bc-4615-b300-fd4435808332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["CIS_Azure_1.3.0_9.5"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.6"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.7"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CIS_Azure_1.3.0_9.8"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CIS_Azure_1.3.0_9.9"]},{"policyDefinitionReferenceId":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"399b2637-a50f-4f95-96f8-3a145476eb15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]},{"policyDefinitionReferenceId":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["CIS_Azure_1.3.0_9.10"]}],"policyDefinitionGroups":[{"name":"CIS_Azure_1.3.0_1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.1"},{"name":"CIS_Azure_1.3.0_1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.2"},{"name":"CIS_Azure_1.3.0_1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.3"},{"name":"CIS_Azure_1.3.0_1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.4"},{"name":"CIS_Azure_1.3.0_1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.5"},{"name":"CIS_Azure_1.3.0_1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.6"},{"name":"CIS_Azure_1.3.0_1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.7"},{"name":"CIS_Azure_1.3.0_1.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.8"},{"name":"CIS_Azure_1.3.0_1.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.9"},{"name":"CIS_Azure_1.3.0_1.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.10"},{"name":"CIS_Azure_1.3.0_1.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.11"},{"name":"CIS_Azure_1.3.0_1.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.12"},{"name":"CIS_Azure_1.3.0_1.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.13"},{"name":"CIS_Azure_1.3.0_1.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.14"},{"name":"CIS_Azure_1.3.0_1.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.15"},{"name":"CIS_Azure_1.3.0_1.16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.16"},{"name":"CIS_Azure_1.3.0_1.17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.17"},{"name":"CIS_Azure_1.3.0_1.18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.18"},{"name":"CIS_Azure_1.3.0_1.19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.19"},{"name":"CIS_Azure_1.3.0_1.20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.20"},{"name":"CIS_Azure_1.3.0_1.21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.21"},{"name":"CIS_Azure_1.3.0_1.22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.22"},{"name":"CIS_Azure_1.3.0_1.23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.23"},{"name":"CIS_Azure_1.3.0_2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.1"},{"name":"CIS_Azure_1.3.0_2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.2"},{"name":"CIS_Azure_1.3.0_2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.3"},{"name":"CIS_Azure_1.3.0_2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.4"},{"name":"CIS_Azure_1.3.0_2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.5"},{"name":"CIS_Azure_1.3.0_2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.6"},{"name":"CIS_Azure_1.3.0_2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.7"},{"name":"CIS_Azure_1.3.0_2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.8"},{"name":"CIS_Azure_1.3.0_2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.9"},{"name":"CIS_Azure_1.3.0_2.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.10"},{"name":"CIS_Azure_1.3.0_2.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.11"},{"name":"CIS_Azure_1.3.0_2.12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.12"},{"name":"CIS_Azure_1.3.0_2.13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.13"},{"name":"CIS_Azure_1.3.0_2.14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.14"},{"name":"CIS_Azure_1.3.0_2.15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.15"},{"name":"CIS_Azure_1.3.0_3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.1"},{"name":"CIS_Azure_1.3.0_3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.2"},{"name":"CIS_Azure_1.3.0_3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.3"},{"name":"CIS_Azure_1.3.0_3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.4"},{"name":"CIS_Azure_1.3.0_3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.5"},{"name":"CIS_Azure_1.3.0_3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.6"},{"name":"CIS_Azure_1.3.0_3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.7"},{"name":"CIS_Azure_1.3.0_3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.8"},{"name":"CIS_Azure_1.3.0_3.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.9"},{"name":"CIS_Azure_1.3.0_3.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.10"},{"name":"CIS_Azure_1.3.0_3.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.11"},{"name":"CIS_Azure_1.3.0_4.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.1"},{"name":"CIS_Azure_1.3.0_4.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.2"},{"name":"CIS_Azure_1.3.0_4.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.3"},{"name":"CIS_Azure_1.3.0_4.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.1"},{"name":"CIS_Azure_1.3.0_4.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.2"},{"name":"CIS_Azure_1.3.0_4.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.3"},{"name":"CIS_Azure_1.3.0_4.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.4"},{"name":"CIS_Azure_1.3.0_4.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.5"},{"name":"CIS_Azure_1.3.0_4.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.1"},{"name":"CIS_Azure_1.3.0_4.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.2"},{"name":"CIS_Azure_1.3.0_4.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.3"},{"name":"CIS_Azure_1.3.0_4.3.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.4"},{"name":"CIS_Azure_1.3.0_4.3.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.5"},{"name":"CIS_Azure_1.3.0_4.3.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.6"},{"name":"CIS_Azure_1.3.0_4.3.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.7"},{"name":"CIS_Azure_1.3.0_4.3.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.8"},{"name":"CIS_Azure_1.3.0_4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.4"},{"name":"CIS_Azure_1.3.0_4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.5"},{"name":"CIS_Azure_1.3.0_5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.1"},{"name":"CIS_Azure_1.3.0_5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.2"},{"name":"CIS_Azure_1.3.0_5.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.3"},{"name":"CIS_Azure_1.3.0_5.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.4"},{"name":"CIS_Azure_1.3.0_5.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.5"},{"name":"CIS_Azure_1.3.0_5.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.1"},{"name":"CIS_Azure_1.3.0_5.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.2"},{"name":"CIS_Azure_1.3.0_5.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.3"},{"name":"CIS_Azure_1.3.0_5.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.4"},{"name":"CIS_Azure_1.3.0_5.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.5"},{"name":"CIS_Azure_1.3.0_5.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.6"},{"name":"CIS_Azure_1.3.0_5.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.7"},{"name":"CIS_Azure_1.3.0_5.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.8"},{"name":"CIS_Azure_1.3.0_5.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.9"},{"name":"CIS_Azure_1.3.0_5.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.3"},{"name":"CIS_Azure_1.3.0_6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.1"},{"name":"CIS_Azure_1.3.0_6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.2"},{"name":"CIS_Azure_1.3.0_6.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.3"},{"name":"CIS_Azure_1.3.0_6.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.4"},{"name":"CIS_Azure_1.3.0_6.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.5"},{"name":"CIS_Azure_1.3.0_6.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.6"},{"name":"CIS_Azure_1.3.0_7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.1"},{"name":"CIS_Azure_1.3.0_7.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.2"},{"name":"CIS_Azure_1.3.0_7.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.3"},{"name":"CIS_Azure_1.3.0_7.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.4"},{"name":"CIS_Azure_1.3.0_7.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.5"},{"name":"CIS_Azure_1.3.0_7.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.6"},{"name":"CIS_Azure_1.3.0_7.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.7"},{"name":"CIS_Azure_1.3.0_8.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.1"},{"name":"CIS_Azure_1.3.0_8.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.2"},{"name":"CIS_Azure_1.3.0_8.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.3"},{"name":"CIS_Azure_1.3.0_8.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.4"},{"name":"CIS_Azure_1.3.0_8.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.5"},{"name":"CIS_Azure_1.3.0_9.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.1"},{"name":"CIS_Azure_1.3.0_9.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.2"},{"name":"CIS_Azure_1.3.0_9.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.3"},{"name":"CIS_Azure_1.3.0_9.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.4"},{"name":"CIS_Azure_1.3.0_9.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.5"},{"name":"CIS_Azure_1.3.0_9.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.6"},{"name":"CIS_Azure_1.3.0_9.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.7"},{"name":"CIS_Azure_1.3.0_9.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.8"},{"name":"CIS_Azure_1.3.0_9.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.9"},{"name":"CIS_Azure_1.3.0_9.10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.10"},{"name":"CIS_Azure_1.3.0_9.11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.11"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/612b5213-9160-4969-8578-1518bd2a000c","type":"Microsoft.Authorization/policySetDefinitions","name":"612b5213-9160-4969-8578-1518bd2a000c"},{"properties":{"displayName":"Flow + logs should be configured and enabled for every network security group","policyType":"BuiltIn","description":"Audit + for network security groups to verify if flow logs are configured and if flow + log status is enabled. Enabling flow logs allows to log information about + IP traffic flowing through network security group. It can be used for optimizing + network flows, monitoring throughput, verifying compliance, detecting intrusions + and more.","metadata":{"version":"1.0.0","category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"NetworkSecurityGroup_FlowLog_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"NetworkWatcherFlowLog_Enabled_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be","parameters":{"effect":{"value":"[parameters(''effect'')]"}},"groupNames":[]}],"policyDefinitionGroups":[]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/62329546-775b-4a3d-a4cb-eb4bb990d2c0","type":"Microsoft.Authorization/policySetDefinitions","name":"62329546-775b-4a3d-a4cb-eb4bb990d2c0"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest @@ -7605,13 +12004,13 @@ interactions: 27001:2013","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/iso27001-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/iso27001-init.","metadata":{"version":"4.0.2","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: + of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.2"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["ISO27001-2013_A.9.2.5","ISO27001-2013_A.9.2.6"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3","ISO27001-2013_A.9.2.5"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4","ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["ISO27001-2013_A.9.4.3","ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2","ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.2.4"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.9.4.3"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["ISO27001-2013_A.6.1.2"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["ISO27001-2013_A.12.5.1","ISO27001-2013_A.12.6.2"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["ISO27001-2013_A.8.2.1","ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["ISO27001-2013_A.12.6.1"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1","ISO27001-2013_A.13.2.1"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["ISO27001-2013_A.12.4.1","ISO27001-2013_A.12.4.3","ISO27001-2013_A.12.4.4"]},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["ISO27001-2013_A.10.1.1"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["ISO27001-2013_A.13.1.1"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["ISO27001-2013_A.9.2.3"]},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{},"groupNames":["ISO27001-2013_A.9.1.2"]}],"policyDefinitionGroups":[{"name":"ISO27001-2013_A.5.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.1"},{"name":"ISO27001-2013_A.5.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.5.1.2"},{"name":"ISO27001-2013_A.6.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.1"},{"name":"ISO27001-2013_A.6.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.2"},{"name":"ISO27001-2013_A.6.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.3"},{"name":"ISO27001-2013_A.6.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.4"},{"name":"ISO27001-2013_A.6.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.1.5"},{"name":"ISO27001-2013_A.6.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.1"},{"name":"ISO27001-2013_A.6.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.6.2.2"},{"name":"ISO27001-2013_A.7.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.1"},{"name":"ISO27001-2013_A.7.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.1.2"},{"name":"ISO27001-2013_A.7.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.1"},{"name":"ISO27001-2013_A.7.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.2"},{"name":"ISO27001-2013_A.7.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.2.3"},{"name":"ISO27001-2013_A.7.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.7.3.1"},{"name":"ISO27001-2013_A.8.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.1"},{"name":"ISO27001-2013_A.8.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.2"},{"name":"ISO27001-2013_A.8.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.3"},{"name":"ISO27001-2013_A.8.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.1.4"},{"name":"ISO27001-2013_A.8.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.1"},{"name":"ISO27001-2013_A.8.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.2"},{"name":"ISO27001-2013_A.8.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.2.3"},{"name":"ISO27001-2013_A.8.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.1"},{"name":"ISO27001-2013_A.8.3.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.2"},{"name":"ISO27001-2013_A.8.3.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.8.3.3"},{"name":"ISO27001-2013_A.9.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.1"},{"name":"ISO27001-2013_A.9.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.1.2"},{"name":"ISO27001-2013_A.9.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.1"},{"name":"ISO27001-2013_A.9.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.2"},{"name":"ISO27001-2013_A.9.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.3"},{"name":"ISO27001-2013_A.9.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.4"},{"name":"ISO27001-2013_A.9.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.5"},{"name":"ISO27001-2013_A.9.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.2.6"},{"name":"ISO27001-2013_A.9.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.3.1"},{"name":"ISO27001-2013_A.9.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.1"},{"name":"ISO27001-2013_A.9.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.2"},{"name":"ISO27001-2013_A.9.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.3"},{"name":"ISO27001-2013_A.9.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.4"},{"name":"ISO27001-2013_A.9.4.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.9.4.5"},{"name":"ISO27001-2013_A.10.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.1"},{"name":"ISO27001-2013_A.10.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.10.1.2"},{"name":"ISO27001-2013_A.11.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.1"},{"name":"ISO27001-2013_A.11.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.2"},{"name":"ISO27001-2013_A.11.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.3"},{"name":"ISO27001-2013_A.11.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.4"},{"name":"ISO27001-2013_A.11.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.5"},{"name":"ISO27001-2013_A.11.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.1.6"},{"name":"ISO27001-2013_A.11.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.1"},{"name":"ISO27001-2013_A.11.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.2"},{"name":"ISO27001-2013_A.11.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.3"},{"name":"ISO27001-2013_A.11.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.4"},{"name":"ISO27001-2013_A.11.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.5"},{"name":"ISO27001-2013_A.11.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.6"},{"name":"ISO27001-2013_A.11.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.7"},{"name":"ISO27001-2013_A.11.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.8"},{"name":"ISO27001-2013_A.11.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.11.2.9"},{"name":"ISO27001-2013_A.12.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.1"},{"name":"ISO27001-2013_A.12.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.2"},{"name":"ISO27001-2013_A.12.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.3"},{"name":"ISO27001-2013_A.12.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.1.4"},{"name":"ISO27001-2013_A.12.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.2.1"},{"name":"ISO27001-2013_A.12.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.3.1"},{"name":"ISO27001-2013_A.12.4.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.1"},{"name":"ISO27001-2013_A.12.4.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.2"},{"name":"ISO27001-2013_A.12.4.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.3"},{"name":"ISO27001-2013_A.12.4.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.4.4"},{"name":"ISO27001-2013_A.12.5.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.5.1"},{"name":"ISO27001-2013_A.12.6.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.1"},{"name":"ISO27001-2013_A.12.6.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.6.2"},{"name":"ISO27001-2013_A.12.7.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.12.7.1"},{"name":"ISO27001-2013_A.13.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.1"},{"name":"ISO27001-2013_A.13.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.2"},{"name":"ISO27001-2013_A.13.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.1.3"},{"name":"ISO27001-2013_A.13.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.1"},{"name":"ISO27001-2013_A.13.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.2"},{"name":"ISO27001-2013_A.13.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.3"},{"name":"ISO27001-2013_A.13.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.13.2.4"},{"name":"ISO27001-2013_A.14.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.1"},{"name":"ISO27001-2013_A.14.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.2"},{"name":"ISO27001-2013_A.14.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.1.3"},{"name":"ISO27001-2013_A.14.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.1"},{"name":"ISO27001-2013_A.14.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.2"},{"name":"ISO27001-2013_A.14.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.3"},{"name":"ISO27001-2013_A.14.2.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.4"},{"name":"ISO27001-2013_A.14.2.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.5"},{"name":"ISO27001-2013_A.14.2.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.6"},{"name":"ISO27001-2013_A.14.2.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.7"},{"name":"ISO27001-2013_A.14.2.8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.8"},{"name":"ISO27001-2013_A.14.2.9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.2.9"},{"name":"ISO27001-2013_A.14.3.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.14.3.1"},{"name":"ISO27001-2013_A.15.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.1"},{"name":"ISO27001-2013_A.15.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.2"},{"name":"ISO27001-2013_A.15.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.1.3"},{"name":"ISO27001-2013_A.15.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.1"},{"name":"ISO27001-2013_A.15.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.15.2.2"},{"name":"ISO27001-2013_A.16.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.1"},{"name":"ISO27001-2013_A.16.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.2"},{"name":"ISO27001-2013_A.16.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.3"},{"name":"ISO27001-2013_A.16.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.4"},{"name":"ISO27001-2013_A.16.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.5"},{"name":"ISO27001-2013_A.16.1.6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.6"},{"name":"ISO27001-2013_A.16.1.7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.16.1.7"},{"name":"ISO27001-2013_A.17.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.1"},{"name":"ISO27001-2013_A.17.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.2"},{"name":"ISO27001-2013_A.17.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.1.3"},{"name":"ISO27001-2013_A.17.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.17.2.1"},{"name":"ISO27001-2013_A.18.1.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.1"},{"name":"ISO27001-2013_A.18.1.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.2"},{"name":"ISO27001-2013_A.18.1.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.3"},{"name":"ISO27001-2013_A.18.1.4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.4"},{"name":"ISO27001-2013_A.18.1.5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.1.5"},{"name":"ISO27001-2013_A.18.2.1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.1"},{"name":"ISO27001-2013_A.18.2.2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.2"},{"name":"ISO27001-2013_A.18.2.3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ISO27001-2013_A.18.2.3"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"[Deprecated]: Audit Windows web servers that are not using secure communication protocols","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For @@ -7623,7 +12022,7 @@ interactions: DOD Impact Level 4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of DOD Impact Level 4 (IL4) controls. Additional policies will be - added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"5.0.0-deprecated","category":"Regulatory + added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint.","metadata":{"version":"6.0.1-deprecated","category":"Regulatory Compliance","deprecated":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Deprecated]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -7639,7 +12038,7 @@ interactions: local group; Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"[Deprecated]: Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) of the Log Analytics workspace where VMs agents should report"}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"[Deprecated]: - List of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfLocations":{"type":"Array","metadata":{"displayName":"[Deprecated]: List of regions where Network Watcher should be enabled","description":"To see a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Vulnerability assessment should be enabled on SQL Managed @@ -7662,7 +12061,7 @@ interactions: Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: - Adaptive Network Hardening recommendations should be applied on internet facing + Adaptive network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Web Application should only be accessible over HTTPS","description":"Azure @@ -7700,7 +12099,7 @@ interactions: more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"[Deprecated]: Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"Azure Policy effect for this policy; for more - information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"securityContactPhoneNumberShouldBeProvidedForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilitiesSecurityConfigurationsRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"ensureHTTPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"ensureJavaVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"ensurePHPVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensurePythonVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"ensureTLSVersionLatestForWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"kubernetesServicesUpgradedToNonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{}},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"securityContactEmailAddressForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{}},{"policyDefinitionReferenceId":"logAnalyticsAgentUnstalledVMs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{}},{"policyDefinitionReferenceId":"microsftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{}},{"policyDefinitionReferenceId":"NetworkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133","type":"Microsoft.Authorization/policySetDefinitions","name":"8d792a84-723c-4d92-a3c3-e4ed16a2d133"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and ''Running''. For more @@ -7713,7 +12112,7 @@ interactions: initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"3.0.0-preview","category":"Regulatory + For more information, visit https://aka.ms/mpaa-blueprint.","metadata":{"version":"4.0.1-preview","category":"Regulatory Compliance","preview":true},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -7742,10 +12141,10 @@ interactions: required metric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Audit unrestricted network access to storage accounts","description":"Enable or disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Logic Apps should be enabled","description":"Enable or - disable the monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: - Required retention (in days) of diagnostic logs in Logic Apps workflows","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Logic Apps should be enabled","description":"Enable or disable + the monitoring of resource logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention (in days) of resource logs in Logic Apps workflows","description":"The + required resource logs retention period in days"},"defaultValue":"365"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable or disable monitoring of virtual machine scale sets OS vulnerabilities "},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"[Preview]: @@ -7758,7 +12157,10 @@ interactions: must enable this policy setting."},"defaultValue":"1"},"vulnerabilityAssessmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"[Preview]: + A vulnerability assessment solution should be enabled on your virtual machines","description":"Enable + or disable the detection of virtual machine vulnerabilities by Azure Security + Center vulnerability assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"[Preview]: Users or groups that may access this computer from the network","description":"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."},"defaultValue":"Administrators, @@ -7900,8 +12302,8 @@ interactions: of Service Bus namespace authorization rules"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services","description":"Enable or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: - Diagnostic logs in Search services should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: + Resource logs in Search services should be enabled","description":"Enable + or disable the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Digitally sign communications (always)","description":"Specifies whether packet signing is required by the SMB client component."},"defaultValue":"1"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"[Preview]: Microsoft network client: Send unencrypted password to third-party SMB servers","description":"Specifies @@ -7978,7 +12380,7 @@ interactions: or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"[Preview]: Vulnerabilities on your SQL databases should be remediated","description":"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations - for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: + for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"auditWindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountPoolDeleteStartEffect'')]"},"metricName":{"value":"[parameters(''MetricName'')]"}}},{"policyDefinitionReferenceId":"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3b823c9-e0fc-4453-9fb2-8213b7338523","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"applicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingForNetworkInterfaces","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","parameters":{}},{"policyDefinitionReferenceId":"sqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineWindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"windowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"windowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"windowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"windowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"windowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"windowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"windowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"windowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"windowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"windowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"windowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"windowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"windowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"windowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"windowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"windowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"windowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''RequiredRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6c69680-54f0-4349-af10-94dd05f4225e","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"microsoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"microsoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1417908b-4bff-46ee-a2a6-4acc899320ab","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"certificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"expirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"certificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"certificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"includeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"deployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''StoragePrefix'')]"},"rgName":{"value":"[parameters(''RgName'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"accountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"networkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"networkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8","type":"Microsoft.Authorization/policySetDefinitions","name":"92646f03-e39d-47a9-9e24-58d60ef49af8"},{"properties":{"displayName":"[Preview]: Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.","metadata":{"version":"1.0.0-preview","category":"Security @@ -7993,10 +12395,17 @@ interactions: starting with Windows 10/Windows Server with update 1709. Setting this value to ''Non-Compliant'' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. - Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This + Setting this value to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"[Preview]: + Deploy - Configure prerequisites to enable Azure Monitor and Azure Security + agents on virtual machines","policyType":"BuiltIn","description":"Configure + machines to automatically install the Azure Monitor and Azure Security agents. + Security Center collects events from the agents and uses them to provide security + alerts and tailored hardening tasks (recommendations). Create a resource group + and Log Analytics workspace in the same region as the machine to store audit + records. This policy only applies to VMs in a few regions.","metadata":{"category":"Monitoring","version":"1.0.0-preview","preview":true},"policyDefinitions":[{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityLinuxAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2"},{"policyDefinitionReferenceId":"ASC_DeployAzureSecurityWindowsAgent","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a15f3269-2e10-458c-87a4-d5989e678a73","type":"Microsoft.Authorization/policySetDefinitions","name":"a15f3269-2e10-458c-87a4-d5989e678a73"},{"properties":{"displayName":"HITRUST/HIPAA","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will - be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"4.1.0","category":"Regulatory + be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.","metadata":{"version":"5.1.0","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -8021,7 +12430,7 @@ interactions: of workspace IDs where Log Analytics agents should connect","description":"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"},"defaultValue":""},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled","description":"Audit + of resource types that should have resource logs enabled","description":"Audit diagnostic setting for selected resource types"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToInclude":{"type":"String","metadata":{"displayName":"List of users that must be included in Windows VM Administrators group","description":"A semicolon-separated list of members that should be included in the Administrators @@ -8036,29 +12445,29 @@ interactions: Name","description":"Administrative Operation name for which activity log alert should be configured"},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":"Microsoft.Sql/servers/firewallRules/write"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual network where VMs should be connected","description":"Resource Id of the virtual - network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"},"defaultValue":""},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Batch accounts should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL + resource logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL Managed Instance TDE protector should be encrypted with your own key","description":"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk encryption should be applied on virtual machines","description":"Enable or - disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Search services should be enabled","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required + the monitoring of resource logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + resource logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities should be remediated by a Vulnerability Assessment solution","description":"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment - solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable + solution","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable insecure guest logons","description":"Specifies whether the SMB client will allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow simultaneous connections to the Internet or a Windows Domain","description":"Specify @@ -8116,15 +12525,15 @@ interactions: ports should be closed on your virtual machines","description":"Enable or disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated","description":"Enable - or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Event Hub should be enabled","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required + monitoring of resource logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + resource logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates on virtual machine scale sets should be installed","description":"Enable - or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic + or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Resource logs in Virtual Machine Scale Sets should be enabled","description":"Enable - or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System + or disable the monitoring of resource logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System updates should be installed on your machines","description":"Enable or disable reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts: Guest account status","description":"Specifies whether the local Guest account @@ -8210,8 +12619,7 @@ interactions: Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."},"defaultValue":"1"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect + retention period (days) for resource logs"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Only secure connections to your Redis Cache should be enabled]","description":"Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Effect for policy: [Secure transfer to storage accounts should be enabled]","description":"Azure @@ -8279,7 +12687,7 @@ interactions: Detect application installations and prompt for elevation","description":"Specifies the behavior of application installation detection for the computer."},"defaultValue":"1"},"uacRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC: Run all administrators in Admin Approval Mode","description":"Specifies the - behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0712.10m2Organizational.4-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes + behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}},"groupNames":["hipaa-1205.09aa2System.1-09.aa"]},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}},"groupNames":["hipaa-0302.09o2Organizational.1-09.o"]},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["hipaa-0301.09o1Organizational.123-09.o"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e"},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6"},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da"},{"policyDefinitionReferenceId":"InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0605.10h1System.12-10.h"]},{"policyDefinitionReferenceId":"AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}},"groupNames":["hipaa-0635.10k1Organizational.12-10.k","hipaa-0636.10k2Organizational.1-10.k","hipaa-0637.10k2Organizational.2-10.k","hipaa-0638.10k2Organizational.34569-10.k","hipaa-0639.10k2Organizational.78-10.k","hipaa-0640.10k2Organizational.1012-10.k","hipaa-0641.10k2Organizational.11-10.k","hipaa-0642.10k3Organizational.12-10.k","hipaa-0643.10k3Organizational.3-10.k","hipaa-0644.10k3Organizational.4-10.k"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["hipaa-1634.12b1Organizational.1-12.b","hipaa-1638.12b2Organizational.345-12.b"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0710.10m2Organizational.1-10.m","hipaa-0719.10m3Organizational.5-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m"]},{"policyDefinitionReferenceId":"AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m"]},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}},"groupNames":["hipaa-0304.09o3Organizational.1-09.o"]},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0914.09s1Organizational.6-09.s","hipaa-1196.01l3Organizational.24-01.l"]},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}},"groupNames":["hipaa-0835.09n1Organizational.1-09.n"]},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0866.09m3Organizational.1516-09.m"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}},"groupNames":["hipaa-0201.09j1Organizational.124-09.j","hipaa-0607.10h2System.23-10.h","hipaa-1197.01l3Organizational.3-01.l"]},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}},"groupNames":["hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"groupNames":["hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}},"groupNames":["hipaa-0912.09s1Organizational.4-09.s","hipaa-1194.01l2Organizational.2-01.l"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"groupNames":["hipaa-0945.09y1Organizational.3-09.y"]},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1404.05i2Organizational.1-05.i"]},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":[]},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1117.01j1Organizational.23-01.j","hipaa-1173.01j1Organizational.6-01.j","hipaa-1177.01j2Organizational.6-01.j","hipaa-11110.01q1Organizational.6-01.q"]},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}},"groupNames":["hipaa-0858.09m1Organizational.4-09.m","hipaa-11180.01c3System.6-01.c","hipaa-1119.01j2Organizational.3-01.j","hipaa-1175.01j1Organizational.8-01.j","hipaa-1179.01j3Organizational.1-01.j","hipaa-1192.01l1Organizational.1-01.l"]},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}},"groupNames":["hipaa-1116.01j1Organizational.145-01.j","hipaa-1121.01j3Organizational.2-01.j","hipaa-1176.01j2Organizational.5-01.j","hipaa-11109.01q1Organizational.57-01.q"]},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}},"groupNames":["hipaa-1149.01c2System.9-01.c","hipaa-1153.01c3System.35-01.c","hipaa-1229.09c1Organizational.1-09.c"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus'')]"}},"groupNames":["hipaa-1148.01c2System.78-01.c"]},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}},"groupNames":["hipaa-1143.01c1System.123-01.c","hipaa-1150.01c2System.10-01.c","hipaa-1193.01l2Organizational.13-01.l"]},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}},"groupNames":["hipaa-0607.10h2System.23-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0714.10m2Organizational.7-10.m","hipaa-0717.10m3Organizational.2-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}},"groupNames":["hipaa-1206.09aa2System.23-09.aa"]},{"policyDefinitionReferenceId":"AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"groupNames":["hipaa-1637.12b2Organizational.2-12.b"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{},"groupNames":["hipaa-1620.09l1Organizational.8-09.l","hipaa-1625.09l3Organizational.34-09.l","hipaa-1699.09l1Organizational.10-09.l"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{},"groupNames":["hipaa-0836.09.n2Organizational.1-09.n","hipaa-0885.09n2Organizational.3-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1202.09aa1System.1-09.aa"]},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{},"groupNames":["hipaa-0902.09s2Organizational.13-09.s","hipaa-0960.09sCSPOrganizational.1-09.s"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0859.09m1Organizational.78-09.m"]},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["hipaa-1145.01c2System.1-01.c","hipaa-1152.01c3System.2-01.c","hipaa-11208.01q1Organizational.8-01.q"]},{"policyDefinitionReferenceId":"keyVaultObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["hipaa-0913.09s1Organizational.5-09.s","hipaa-1325.09s1Organizational.3-09.s","hipaa-1195.01l3Organizational.1-01.l"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{},"groupNames":["hipaa-1619.09l1Organizational.7-09.l","hipaa-1624.09l3Organizational.12-09.l","hipaa-1627.09l3Organizational.6-09.l"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{},"groupNames":["hipaa-1276.09c2Organizational.2-09.c","hipaa-1278.09c2Organizational.56-09.c"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}},"groupNames":["hipaa-11210.01q2Organizational.10-01.q","hipaa-1125.01q2System.1-01.q"]},{"policyDefinitionReferenceId":"azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{},"groupNames":["hipaa-1212.09ab1System.1-09.ab","hipaa-1219.09ab3System.10-09.ab"]},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0946.09y2Organizational.14-09.y","hipaa-1451.05iCSPOrganizational.2-05.i"]},{"policyDefinitionReferenceId":"serviceBusShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0860.09m1Organizational.9-09.m"]},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"unattachedDisksShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{},"groupNames":["hipaa-0303.09o2Organizational.2-09.o"]},{"policyDefinitionReferenceId":"appServiceShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0861.09m2Organizational.67-09.m"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{},"groupNames":["hipaa-0835.09n1Organizational.1-09.n","hipaa-0887.09n2Organizational.5-09.n"]},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1203.09aa1System.2-09.aa"]},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{},"groupNames":["hipaa-0911.09s1Organizational.2-09.s"]},{"policyDefinitionReferenceId":"gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m"]},{"policyDefinitionReferenceId":"diagnosticLogsInIoTHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1204.09aa1System.3-09.aa"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0943.09y1Organizational.1-09.y","hipaa-1401.05i1Organizational.1239-05.i"]},{"policyDefinitionReferenceId":"azureMonitorShouldCollectActivityLogsFromAllRegions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{},"groupNames":["hipaa-1120.09ab3System.9-09.ab","hipaa-1214.09ab2System.3456-09.ab"]},{"policyDefinitionReferenceId":"automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{},"groupNames":["hipaa-1213.09ab2System.128-09.ab","hipaa-1220.09ab3System.56-09.ab"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{},"groupNames":["hipaa-1618.09l1Organizational.45-09.l","hipaa-1623.09l2Organizational.4-09.l","hipaa-1626.09l3Organizational.5-09.l"]},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["hipaa-1144.01c1System.4-01.c","hipaa-1151.01c3System.1-01.c","hipaa-1154.01c3System.4-01.c","hipaa-11112.01q2Organizational.67-01.q"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0711.10m2Organizational.23-10.m"]},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["hipaa-0901.09s1Organizational.1-09.s","hipaa-0916.09s2Organizational.4-09.s"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificates(IncomingClientCertificates)SetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{},"groupNames":["hipaa-0662.09sCSPOrganizational.2-09.s","hipaa-0915.09s2Organizational.2-09.s"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0867.09m3Organizational.17-09.m"]},{"policyDefinitionReferenceId":"auditWindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"workspaceId":{"value":"[parameters(''workspaceId'')]"}},"groupNames":["hipaa-12102.09ab1Organizational.4-09.ab","hipaa-1217.09ab3System.3-09.ab"]},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1402.05i1Organizational.45-05.i"]},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"AzureBaselineUserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"usersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''usersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''usersOrGroupsThatMayLogOnLocally'')]"},"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"usersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''usersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"usersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''usersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"usersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''usersOrGroupsThatMayChangeTheSystemTime'')]"},"usersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''usersOrGroupsThatMayChangeTheTimeZone'')]"},"usersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''usersOrGroupsThatMayCreateATokenObject'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"usersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''usersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"usersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''usersAndGroupsThatAreDeniedLocalLogon'')]"},"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"userAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''userAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"usersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''usersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"usersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''usersAndGroupsThatMayShutDownTheSystem'')]"},"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"groupNames":["hipaa-1232.09c3Organizational.12-09.c"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{},"groupNames":["hipaa-1617.09l1Organizational.23-09.l","hipaa-1622.09l2Organizational.23-09.l"]},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}},"groupNames":["hipaa-11211.01q2Organizational.11-01.q","hipaa-1127.01q2System.3-01.q"]},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["hipaa-1148.01c2System.78-01.c","hipaa-1230.09c2Organizational.1-09.c"]},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y","hipaa-1403.05i1Organizational.67-05.i"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{},"groupNames":["hipaa-12100.09ab2System.15-09.ab","hipaa-1215.09ab2System.7-09.ab"]},{"policyDefinitionReferenceId":"sqlServerShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0862.09m2Organizational.8-09.m"]},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{},"groupNames":["hipaa-1209.09aa3System.2-09.aa"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations'')]"},"resourceGroupName":{"value":"[parameters(''NetworkWatcherResourceGroupName'')]"}},"groupNames":["hipaa-0837.09.n2Organizational.2-09.n","hipaa-0886.09n2Organizational.4-09.n","hipaa-0888.09n2Organizational.6-09.n"]},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"members":{"value":"[parameters(''members'')]"}},"groupNames":["hipaa-1123.01q1System.2-01.q"]},{"policyDefinitionReferenceId":"auditSpecificAdministrativeOperationsWithoutActivityLogAlerts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"operationName":{"value":"[parameters(''operationName'')]"}},"groupNames":["hipaa-1270.09ad1System.12-09.ad","hipaa-1271.09ad1System.1-09.ad"]},{"policyDefinitionReferenceId":"microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{},"groupNames":["hipaa-0201.09j1Organizational.124-09.j"]},{"policyDefinitionReferenceId":"containerRegistryShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0868.09m3Organizational.18-09.m","hipaa-0869.09m3Organizational.19-09.m","hipaa-0870.09m3Organizational.20-09.m","hipaa-0871.09m3Organizational.22-09.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1210.09aa3System.3-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0947.09y2Organizational.2-09.y","hipaa-1450.05i2Organizational.2-05.i"]},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{},"groupNames":["hipaa-1616.09l1Organizational.16-09.l","hipaa-1621.09l2Organizational.1-09.l"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","parameters":{"effect":{"value":"[parameters(''virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect'')]"},"virtualNetworkId":{"value":"[parameters(''virtualNetworkId'')]"}},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"eventHubShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0863.09m2Organizational.910-09.m"]},{"policyDefinitionReferenceId":"cosmosDBShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0864.09m2Organizational.12-09.m"]},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["hipaa-0605.10h1System.12-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0713.10m2Organizational.5-10.m","hipaa-0718.10m3Organizational.34-10.m"]},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["hipaa-1118.01j2Organizational.124-01.j","hipaa-1174.01j1Organizational.7-01.j","hipaa-1178.01j2Organizational.7-01.j","hipaa-11111.01q2System.4-01.q"]},{"policyDefinitionReferenceId":"AzureBaselineSecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"uacAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''uacAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"uacDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''uacDetectApplicationInstallationsAndPromptForElevation'')]"},"uacRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''uacRunAllAdministratorsInAdminApprovalMode'')]"}},"groupNames":["hipaa-1277.09c2Organizational.4-09.c"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0948.09y2Organizational.3-09.y","hipaa-1418.05i1Organizational.8-05.i"]},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{},"groupNames":["hipaa-0606.10h2System.1-10.h","hipaa-0709.10m1Organizational.1-10.m","hipaa-0715.10m2Organizational.8-10.m"]},{"policyDefinitionReferenceId":"keyVaultShouldUseAVirtualNetworkServiceEndpoint","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0865.09m2Organizational.13-09.m"]},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["hipaa-1147.01c2System.456-01.c"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m"]},{"policyDefinitionReferenceId":"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{},"groupNames":["hipaa-12101.09ab1Organizational.3-09.ab","hipaa-1216.09ab3System.12-09.ab"]},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{},"groupNames":["hipaa-0894.01m2Organizational.7-01.m","hipaa-0805.01m1Organizational.12-01.m","hipaa-0806.01m2Organizational.12356-01.m","hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n"]},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["hipaa-1146.01c2System.23-01.c"]},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1208.09aa3System.1-09.aa"]},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1207.09aa2System.4-09.aa"]},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{},"groupNames":["hipaa-0809.01n2Organizational.1234-01.n","hipaa-0810.01n2Organizational.5-01.n","hipaa-0814.01n1Organizational.12-01.n","hipaa-0812.01n2Organizational.8-01.n","hipaa-0811.01n2Organizational.6-01.n","hipaa-0949.09y2Organizational.5-09.y"]},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["hipaa-0709.10m1Organizational.1-10.m","hipaa-0716.10m3Organizational.1-10.m"]},{"policyDefinitionReferenceId":"diagnosticsLogsInManagedHsmMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b","parameters":{"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays'')]"}},"groupNames":["hipaa-1211.09aa3System.4-09.aa"]},{"policyDefinitionReferenceId":"managedHsmObjectsShouldBeRecoverable","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383","parameters":{},"groupNames":["hipaa-1635.12b1Organizational.2-12.b"]}],"policyDefinitionGroups":[{"name":"hipaa-0101.00a1Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"},{"name":"hipaa-0102.00a2Organizational.123-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"},{"name":"hipaa-0103.00a3Organizational.1234567-00.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"},{"name":"hipaa-0104.02a1Organizational.12-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"},{"name":"hipaa-0105.02a2Organizational.1-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"},{"name":"hipaa-0106.02a2Organizational.23-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"},{"name":"hipaa-0107.02d1Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"},{"name":"hipaa-0108.02d1Organizational.23-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"},{"name":"hipaa-0109.02d1Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"},{"name":"hipaa-0110.02d2Organizational.1-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"},{"name":"hipaa-0111.02d2Organizational.2-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"},{"name":"hipaa-01110.05a1Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"},{"name":"hipaa-01111.05a2Organizational.5-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"},{"name":"hipaa-0112.02d2Organizational.3-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"},{"name":"hipaa-0113.04a1Organizational.123-04.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"},{"name":"hipaa-0114.04b1Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"},{"name":"hipaa-0115.04b2Organizational.123-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"},{"name":"hipaa-0116.04b3Organizational.1-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"},{"name":"hipaa-0117.05a1Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"},{"name":"hipaa-0118.05a1Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"},{"name":"hipaa-0119.05a1Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"},{"name":"hipaa-0120.05a1Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"},{"name":"hipaa-0121.05a2Organizational.12-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"},{"name":"hipaa-0122.05a2Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"},{"name":"hipaa-0123.05a2Organizational.4-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"},{"name":"hipaa-0124.05a3Organizational.1-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"},{"name":"hipaa-0125.05a3Organizational.2-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"},{"name":"hipaa-0135.02f1Organizational.56-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"},{"name":"hipaa-0137.02a1Organizational.3-02.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"},{"name":"hipaa-0162.04b1Organizational.2-04.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"},{"name":"hipaa-0165.05a3Organizational.3-05.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"},{"name":"hipaa-0177.05h1Organizational.12-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"},{"name":"hipaa-0178.05h1Organizational.3-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"},{"name":"hipaa-0179.05h1Organizational.4-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"},{"name":"hipaa-0180.05h2Organizational.1-05.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"},{"name":"hipaa-0197.02d2Organizational.4-02.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"},{"name":"hipaa-0201.09j1Organizational.124-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"},{"name":"hipaa-0202.09j1Organizational.3-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"},{"name":"hipaa-0204.09j2Organizational.1-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"},{"name":"hipaa-0205.09j2Organizational.2-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"},{"name":"hipaa-0206.09j2Organizational.34-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"},{"name":"hipaa-0207.09j2Organizational.56-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"},{"name":"hipaa-0208.09j2Organizational.7-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"},{"name":"hipaa-0209.09m3Organizational.7-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"},{"name":"hipaa-0214.09j1Organizational.6-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"},{"name":"hipaa-0215.09j2Organizational.8-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"},{"name":"hipaa-0216.09j2Organizational.9-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"},{"name":"hipaa-0217.09j2Organizational.10-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"},{"name":"hipaa-0219.09j2Organizational.12-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"},{"name":"hipaa-0225.09k1Organizational.1-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"},{"name":"hipaa-0226.09k1Organizational.2-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"},{"name":"hipaa-0227.09k2Organizational.12-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"},{"name":"hipaa-0228.09k2Organizational.3-09.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"},{"name":"hipaa-0301.09o1Organizational.123-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"},{"name":"hipaa-0302.09o2Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"},{"name":"hipaa-0303.09o2Organizational.2-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"},{"name":"hipaa-0304.09o3Organizational.1-09.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"},{"name":"hipaa-0305.09q1Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"},{"name":"hipaa-0306.09q1Organizational.3-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"},{"name":"hipaa-0307.09q2Organizational.12-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"},{"name":"hipaa-0308.09q3Organizational.1-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"},{"name":"hipaa-0314.09q3Organizational.2-09.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"},{"name":"hipaa-0401.01x1System.124579-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"},{"name":"hipaa-0403.01x1System.8-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"},{"name":"hipaa-0404.01x1System.1011-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"},{"name":"hipaa-0405.01y1Organizational.12345678-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"},{"name":"hipaa-0407.01y2Organizational.1-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"},{"name":"hipaa-0408.01y3Organizational.12-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"},{"name":"hipaa-0409.01y3Organizational.3-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"},{"name":"hipaa-0410.01x1System.12-01.xMobileComputingandCommunications","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"},{"name":"hipaa-0415.01y1Organizational.10-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"},{"name":"hipaa-0416.01y3Organizational.4-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"},{"name":"hipaa-0417.01y3Organizational.5-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"},{"name":"hipaa-0425.01x1System.13-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"},{"name":"hipaa-0426.01x2System.1-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"},{"name":"hipaa-0427.01x2System.2-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"},{"name":"hipaa-0428.01x2System.3-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"},{"name":"hipaa-0429.01x1System.14-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"},{"name":"hipaa-0501.09m1Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"},{"name":"hipaa-0502.09m1Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"},{"name":"hipaa-0503.09m1Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"},{"name":"hipaa-0504.09m2Organizational.5-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"},{"name":"hipaa-0505.09m2Organizational.3-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"},{"name":"hipaa-0601.06g1Organizational.124-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"},{"name":"hipaa-0602.06g1Organizational.3-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"},{"name":"hipaa-0603.06g2Organizational.1-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"},{"name":"hipaa-0604.06g2Organizational.2-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"},{"name":"hipaa-0605.10h1System.12-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"},{"name":"hipaa-0606.10h2System.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"},{"name":"hipaa-0607.10h2System.23-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"},{"name":"hipaa-0613.06h1Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"},{"name":"hipaa-0614.06h2Organizational.12-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"},{"name":"hipaa-0615.06h2Organizational.3-06.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"},{"name":"hipaa-0618.09b1System.1-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"},{"name":"hipaa-0619.09b2System.12-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"},{"name":"hipaa-0620.09b2System.3-09.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"},{"name":"hipaa-0626.10h1System.3-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"},{"name":"hipaa-0627.10h1System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"},{"name":"hipaa-0628.10h1System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"},{"name":"hipaa-0629.10h2System.45-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"},{"name":"hipaa-0630.10h2System.6-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"},{"name":"hipaa-0635.10k1Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"},{"name":"hipaa-0636.10k2Organizational.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"},{"name":"hipaa-0637.10k2Organizational.2-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"},{"name":"hipaa-0638.10k2Organizational.34569-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"},{"name":"hipaa-0639.10k2Organizational.78-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"},{"name":"hipaa-0640.10k2Organizational.1012-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"},{"name":"hipaa-0641.10k2Organizational.11-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"},{"name":"hipaa-0642.10k3Organizational.12-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"},{"name":"hipaa-0643.10k3Organizational.3-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"},{"name":"hipaa-0644.10k3Organizational.4-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"},{"name":"hipaa-0662.09sCSPOrganizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"},{"name":"hipaa-0663.10h1System.7-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"},{"name":"hipaa-0663.10h2Organizational.9-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"},{"name":"hipaa-0664.10h2Organizational.10-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"},{"name":"hipaa-0669.10hCSPSystem.1-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"},{"name":"hipaa-0670.10hCSPSystem.2-10.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"},{"name":"hipaa-0671.10k1System.1-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"},{"name":"hipaa-0672.10k3System.5-10.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"},{"name":"hipaa-068.06g2Organizational.34-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"},{"name":"hipaa-069.06g2Organizational.56-06.g","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"},{"name":"hipaa-0701.07a1Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"},{"name":"hipaa-0702.07a1Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"},{"name":"hipaa-0703.07a2Organizational.1-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"},{"name":"hipaa-0704.07a3Organizational.12-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"},{"name":"hipaa-0705.07a3Organizational.3-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"},{"name":"hipaa-0706.10b1System.12-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"},{"name":"hipaa-0707.10b2System.1-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"},{"name":"hipaa-0708.10b2System.2-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"},{"name":"hipaa-0709.10m1Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"},{"name":"hipaa-0710.10m2Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"},{"name":"hipaa-0711.10m2Organizational.23-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"},{"name":"hipaa-0712.10m2Organizational.4-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"},{"name":"hipaa-0713.10m2Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"},{"name":"hipaa-0714.10m2Organizational.7-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"},{"name":"hipaa-0715.10m2Organizational.8-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"},{"name":"hipaa-0716.10m3Organizational.1-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"},{"name":"hipaa-0717.10m3Organizational.2-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"},{"name":"hipaa-0718.10m3Organizational.34-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"},{"name":"hipaa-0719.10m3Organizational.5-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"},{"name":"hipaa-0720.07a1Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"},{"name":"hipaa-0721.07a1Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"},{"name":"hipaa-0722.07a1Organizational.67-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"},{"name":"hipaa-0723.07a1Organizational.8-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"},{"name":"hipaa-0724.07a3Organizational.4-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"},{"name":"hipaa-0725.07a3Organizational.5-07.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"},{"name":"hipaa-0733.10b2System.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"},{"name":"hipaa-0786.10m2Organizational.13-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"},{"name":"hipaa-0787.10m2Organizational.14-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"},{"name":"hipaa-0788.10m3Organizational.20-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"},{"name":"hipaa-0789.10m3Organizational.21-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"},{"name":"hipaa-0790.10m3Organizational.22-10.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"},{"name":"hipaa-0791.10b2Organizational.4-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"},{"name":"hipaa-0805.01m1Organizational.12-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"},{"name":"hipaa-0806.01m2Organizational.12356-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"},{"name":"hipaa-0808.10b2System.3-10.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"},{"name":"hipaa-0809.01n2Organizational.1234-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"},{"name":"hipaa-0810.01n2Organizational.5-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"},{"name":"hipaa-08101.09m2Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"},{"name":"hipaa-08102.09nCSPOrganizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"},{"name":"hipaa-0811.01n2Organizational.6-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"},{"name":"hipaa-0812.01n2Organizational.8-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"},{"name":"hipaa-0814.01n1Organizational.12-01.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"},{"name":"hipaa-0815.01o2Organizational.123-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"},{"name":"hipaa-0816.01w1System.1-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"},{"name":"hipaa-0817.01w2System.123-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"},{"name":"hipaa-0818.01w3System.12-01.w","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"},{"name":"hipaa-0819.09m1Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"},{"name":"hipaa-0820.09m2Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"},{"name":"hipaa-0821.09m2Organizational.2-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"},{"name":"hipaa-0822.09m2Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"},{"name":"hipaa-0824.09m3Organizational.1-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"},{"name":"hipaa-0825.09m3Organizational.23-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"},{"name":"hipaa-0826.09m3Organizational.45-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"},{"name":"hipaa-0827.09m3Organizational.6-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"},{"name":"hipaa-0828.09m3Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"},{"name":"hipaa-0829.09m3Organizational.911-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"},{"name":"hipaa-0830.09m3Organizational.1012-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"},{"name":"hipaa-0832.09m3Organizational.14-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"},{"name":"hipaa-0835.09n1Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"},{"name":"hipaa-0836.09.n2Organizational.1-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"},{"name":"hipaa-0837.09.n2Organizational.2-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"},{"name":"hipaa-0850.01o1Organizational.12-01.o","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"},{"name":"hipaa-0858.09m1Organizational.4-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"},{"name":"hipaa-0859.09m1Organizational.78-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"},{"name":"hipaa-0860.09m1Organizational.9-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"},{"name":"hipaa-0861.09m2Organizational.67-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"},{"name":"hipaa-0862.09m2Organizational.8-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"},{"name":"hipaa-0863.09m2Organizational.910-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"},{"name":"hipaa-0864.09m2Organizational.12-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"},{"name":"hipaa-0865.09m2Organizational.13-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"},{"name":"hipaa-0866.09m3Organizational.1516-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"},{"name":"hipaa-0867.09m3Organizational.17-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"},{"name":"hipaa-0868.09m3Organizational.18-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"},{"name":"hipaa-0869.09m3Organizational.19-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"},{"name":"hipaa-0870.09m3Organizational.20-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"},{"name":"hipaa-0871.09m3Organizational.22-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"},{"name":"hipaa-0885.09n2Organizational.3-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"},{"name":"hipaa-0886.09n2Organizational.4-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"},{"name":"hipaa-0887.09n2Organizational.5-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"},{"name":"hipaa-0888.09n2Organizational.6-09.n","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"},{"name":"hipaa-0894.01m2Organizational.7-01.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"},{"name":"hipaa-0901.09s1Organizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"},{"name":"hipaa-0902.09s2Organizational.13-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"},{"name":"hipaa-0903.10f1Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"},{"name":"hipaa-0904.10f2Organizational.1-10.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"},{"name":"hipaa-0911.09s1Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"},{"name":"hipaa-0912.09s1Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"},{"name":"hipaa-0913.09s1Organizational.5-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"},{"name":"hipaa-0914.09s1Organizational.6-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"},{"name":"hipaa-0915.09s2Organizational.2-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"},{"name":"hipaa-0916.09s2Organizational.4-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"},{"name":"hipaa-0925.09v1Organizational.1-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"},{"name":"hipaa-0926.09v1Organizational.2-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"},{"name":"hipaa-0927.09v1Organizational.3-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"},{"name":"hipaa-0928.09v1Organizational.45-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"},{"name":"hipaa-0929.09v1Organizational.6-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"},{"name":"hipaa-0938.09x1Organizational.1-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"},{"name":"hipaa-0939.09x2Organizational.12-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"},{"name":"hipaa-0940.09x2Organizational.3-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"},{"name":"hipaa-0941.09x2Organizational.4-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"},{"name":"hipaa-0942.09x2Organizational.5-09.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"},{"name":"hipaa-0943.09y1Organizational.1-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"},{"name":"hipaa-0944.09y1Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"},{"name":"hipaa-0945.09y1Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"},{"name":"hipaa-0946.09y2Organizational.14-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"},{"name":"hipaa-0947.09y2Organizational.2-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"},{"name":"hipaa-0948.09y2Organizational.3-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"},{"name":"hipaa-0949.09y2Organizational.5-09.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"},{"name":"hipaa-0960.09sCSPOrganizational.1-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"},{"name":"hipaa-0961.09v1Organizational.7-09.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"},{"name":"hipaa-099.09m2Organizational.11-09.m","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"},{"name":"hipaa-1002.01d1System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"},{"name":"hipaa-1003.01d1System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"},{"name":"hipaa-1004.01d1System.8913-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"},{"name":"hipaa-1005.01d1System.1011-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"},{"name":"hipaa-1006.01d2System.1-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"},{"name":"hipaa-1007.01d2System.2-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"},{"name":"hipaa-1008.01d2System.3-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"},{"name":"hipaa-1009.01d2System.4-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"},{"name":"hipaa-1010.01d2System.5-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"},{"name":"hipaa-1014.01d1System.12-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"},{"name":"hipaa-1015.01d1System.14-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"},{"name":"hipaa-1022.01d1System.15-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"},{"name":"hipaa-1027.01d2System.6-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"},{"name":"hipaa-1031.01d1System.34510-01.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"},{"name":"hipaa-1106.01b1System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"},{"name":"hipaa-1107.01b1System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"},{"name":"hipaa-1108.01b1System.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"},{"name":"hipaa-1109.01b1System.479-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"},{"name":"hipaa-1110.01b1System.5-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"},{"name":"hipaa-11109.01q1Organizational.57-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"},{"name":"hipaa-1111.01b2System.1-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"},{"name":"hipaa-11110.01q1Organizational.6-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"},{"name":"hipaa-11111.01q2System.4-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"},{"name":"hipaa-11112.01q2Organizational.67-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"},{"name":"hipaa-1112.01b2System.2-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"},{"name":"hipaa-11126.01t1Organizational.12-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"},{"name":"hipaa-1114.01h1Organizational.123-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"},{"name":"hipaa-1115.01h1Organizational.45-01.h","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"},{"name":"hipaa-11154.02i1Organizational.5-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"},{"name":"hipaa-11155.02i2Organizational.2-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"},{"name":"hipaa-1116.01j1Organizational.145-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"},{"name":"hipaa-1117.01j1Organizational.23-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"},{"name":"hipaa-1118.01j2Organizational.124-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"},{"name":"hipaa-11180.01c3System.6-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"},{"name":"hipaa-1119.01j2Organizational.3-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"},{"name":"hipaa-11190.01t1Organizational.3-01.t","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"},{"name":"hipaa-1120.09ab3System.9-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"},{"name":"hipaa-11200.01b2Organizational.3-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"},{"name":"hipaa-11208.01q1Organizational.8-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"},{"name":"hipaa-11209.01q2Organizational.9-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"},{"name":"hipaa-1121.01j3Organizational.2-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"},{"name":"hipaa-11210.01q2Organizational.10-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"},{"name":"hipaa-11211.01q2Organizational.11-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"},{"name":"hipaa-11219.01b1Organizational.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"},{"name":"hipaa-1122.01q1System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"},{"name":"hipaa-11220.01b1System.10-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"},{"name":"hipaa-1123.01q1System.2-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"},{"name":"hipaa-1124.01q1System.34-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"},{"name":"hipaa-1125.01q2System.1-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"},{"name":"hipaa-1127.01q2System.3-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"},{"name":"hipaa-1128.01q2System.5-01.q","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"},{"name":"hipaa-1129.01v1System.12-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"},{"name":"hipaa-1130.01v2System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"},{"name":"hipaa-1131.01v2System.2-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"},{"name":"hipaa-1132.01v2System.3-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"},{"name":"hipaa-1133.01v2System.4-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"},{"name":"hipaa-1134.01v3System.1-01.v","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"},{"name":"hipaa-1135.02i1Organizational.1234-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"},{"name":"hipaa-1136.02i2Organizational.1-02.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"},{"name":"hipaa-1137.06e1Organizational.1-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"},{"name":"hipaa-1138.06e2Organizational.12-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"},{"name":"hipaa-1139.01b1System.68-01.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"},{"name":"hipaa-1143.01c1System.123-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"},{"name":"hipaa-1144.01c1System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"},{"name":"hipaa-1145.01c2System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"},{"name":"hipaa-1146.01c2System.23-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"},{"name":"hipaa-1147.01c2System.456-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"},{"name":"hipaa-1148.01c2System.78-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"},{"name":"hipaa-1149.01c2System.9-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"},{"name":"hipaa-1150.01c2System.10-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"},{"name":"hipaa-1151.01c3System.1-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"},{"name":"hipaa-1152.01c3System.2-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"},{"name":"hipaa-1153.01c3System.35-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"},{"name":"hipaa-1154.01c3System.4-01.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"},{"name":"hipaa-1166.01e1System.12-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"},{"name":"hipaa-1167.01e2System.1-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"},{"name":"hipaa-1168.01e2System.2-01.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"},{"name":"hipaa-1173.01j1Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"},{"name":"hipaa-1174.01j1Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"},{"name":"hipaa-1175.01j1Organizational.8-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"},{"name":"hipaa-1176.01j2Organizational.5-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"},{"name":"hipaa-1177.01j2Organizational.6-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"},{"name":"hipaa-1178.01j2Organizational.7-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"},{"name":"hipaa-1179.01j3Organizational.1-01.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"},{"name":"hipaa-1192.01l1Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"},{"name":"hipaa-1193.01l2Organizational.13-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"},{"name":"hipaa-1194.01l2Organizational.2-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"},{"name":"hipaa-1195.01l3Organizational.1-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"},{"name":"hipaa-1196.01l3Organizational.24-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"},{"name":"hipaa-1197.01l3Organizational.3-01.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"},{"name":"hipaa-1201.06e1Organizational.2-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"},{"name":"hipaa-1202.09aa1System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"},{"name":"hipaa-1203.09aa1System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"},{"name":"hipaa-1204.09aa1System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"},{"name":"hipaa-1205.09aa2System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"},{"name":"hipaa-1206.09aa2System.23-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"},{"name":"hipaa-1207.09aa2System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"},{"name":"hipaa-1208.09aa3System.1-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"},{"name":"hipaa-1209.09aa3System.2-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"},{"name":"hipaa-1210.09aa3System.3-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"},{"name":"hipaa-12100.09ab2System.15-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"},{"name":"hipaa-12101.09ab1Organizational.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"},{"name":"hipaa-12102.09ab1Organizational.4-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"},{"name":"hipaa-12103.09ab1Organizational.5-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"},{"name":"hipaa-1211.09aa3System.4-09.aa","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"},{"name":"hipaa-1212.09ab1System.1-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"},{"name":"hipaa-1213.09ab2System.128-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"},{"name":"hipaa-1214.09ab2System.3456-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"},{"name":"hipaa-1215.09ab2System.7-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"},{"name":"hipaa-1216.09ab3System.12-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"},{"name":"hipaa-1217.09ab3System.3-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"},{"name":"hipaa-1218.09ab3System.47-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"},{"name":"hipaa-1219.09ab3System.10-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"},{"name":"hipaa-1220.09ab3System.56-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"},{"name":"hipaa-1222.09ab3System.8-09.ab","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"},{"name":"hipaa-1229.09c1Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"},{"name":"hipaa-1230.09c2Organizational.1-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"},{"name":"hipaa-1231.09c2Organizational.23-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"},{"name":"hipaa-1232.09c3Organizational.12-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"},{"name":"hipaa-1233.09c3Organizational.3-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"},{"name":"hipaa-1270.09ad1System.12-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"},{"name":"hipaa-1271.09ad1System.1-09.ad","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"},{"name":"hipaa-1276.09c2Organizational.2-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"},{"name":"hipaa-1277.09c2Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"},{"name":"hipaa-1278.09c2Organizational.56-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"},{"name":"hipaa-1279.09c3Organizational.4-09.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"},{"name":"hipaa-1301.02e1Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"},{"name":"hipaa-1302.02e2Organizational.134-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"},{"name":"hipaa-1303.02e2Organizational.2-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"},{"name":"hipaa-1304.02e3Organizational.1-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"},{"name":"hipaa-1305.02e3Organizational.23-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"},{"name":"hipaa-1306.06e1Organizational.5-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"},{"name":"hipaa-1307.07c1Organizational.124-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"},{"name":"hipaa-1308.09j1Organizational.5-09.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"},{"name":"hipaa-1309.01x1System.36-01.x","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"},{"name":"hipaa-1310.01y1Organizational.9-01.y","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"},{"name":"hipaa-1311.12c2Organizational.3-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"},{"name":"hipaa-1313.02e1Organizational.3-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"},{"name":"hipaa-1314.02e2Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"},{"name":"hipaa-1315.02e2Organizational.67-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"},{"name":"hipaa-1324.07c1Organizational.3-07.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"},{"name":"hipaa-1325.09s1Organizational.3-09.s","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"},{"name":"hipaa-1326.02e1Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"},{"name":"hipaa-1327.02e2Organizational.8-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"},{"name":"hipaa-1331.02e3Organizational.4-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"},{"name":"hipaa-1334.02e2Organizational.12-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"},{"name":"hipaa-1336.02e1Organizational.5-02.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"},{"name":"hipaa-1401.05i1Organizational.1239-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"},{"name":"hipaa-1402.05i1Organizational.45-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"},{"name":"hipaa-1403.05i1Organizational.67-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"},{"name":"hipaa-1404.05i2Organizational.1-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"},{"name":"hipaa-1406.05k1Organizational.110-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"},{"name":"hipaa-1407.05k2Organizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"},{"name":"hipaa-1408.09e1System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"},{"name":"hipaa-1409.09e2System.1-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"},{"name":"hipaa-1410.09e2System.23-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"},{"name":"hipaa-1411.09f1System.1-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"},{"name":"hipaa-1412.09f2System.12-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"},{"name":"hipaa-1413.09f2System.3-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"},{"name":"hipaa-1416.10l1Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"},{"name":"hipaa-1417.10l2Organizational.1-10.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"},{"name":"hipaa-1418.05i1Organizational.8-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"},{"name":"hipaa-1419.05j1Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"},{"name":"hipaa-1421.05j2Organizational.12-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"},{"name":"hipaa-1422.05j2Organizational.3-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"},{"name":"hipaa-1423.05j2Organizational.4-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"},{"name":"hipaa-1424.05j2Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"},{"name":"hipaa-1428.05k1Organizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"},{"name":"hipaa-1429.05k1Organizational.34-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"},{"name":"hipaa-1430.05k1Organizational.56-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"},{"name":"hipaa-1431.05k1Organizational.7-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"},{"name":"hipaa-1432.05k1Organizational.89-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"},{"name":"hipaa-1438.09e2System.4-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"},{"name":"hipaa-1442.09f2System.456-09.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"},{"name":"hipaa-1450.05i2Organizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"},{"name":"hipaa-1451.05iCSPOrganizational.2-05.i","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"},{"name":"hipaa-1452.05kCSPOrganizational.1-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"},{"name":"hipaa-1453.05kCSPOrganizational.2-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"},{"name":"hipaa-1454.05kCSPOrganizational.3-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"},{"name":"hipaa-1455.05kCSPOrganizational.4-05.k","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"},{"name":"hipaa-1464.09e2Organizational.5-09.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"},{"name":"hipaa-1501.02f1Organizational.123-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"},{"name":"hipaa-1502.02f1Organizational.4-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"},{"name":"hipaa-1503.02f2Organizational.12-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"},{"name":"hipaa-1504.06e1Organizational.34-06.e","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"},{"name":"hipaa-1505.11a1Organizational.13-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"},{"name":"hipaa-1506.11a1Organizational.2-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"},{"name":"hipaa-1507.11a1Organizational.4-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"},{"name":"hipaa-1508.11a2Organizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"},{"name":"hipaa-1509.11a2Organizational.236-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"},{"name":"hipaa-1510.11a2Organizational.47-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"},{"name":"hipaa-1511.11a2Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"},{"name":"hipaa-1512.11a2Organizational.8-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"},{"name":"hipaa-1514.11a3Organizational.12-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"},{"name":"hipaa-1515.11a3Organizational.3-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"},{"name":"hipaa-1516.11c1Organizational.12-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"},{"name":"hipaa-1517.11c1Organizational.3-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"},{"name":"hipaa-1518.11c2Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"},{"name":"hipaa-1519.11c2Organizational.2-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"},{"name":"hipaa-1520.11c2Organizational.4-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"},{"name":"hipaa-1521.11c2Organizational.56-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"},{"name":"hipaa-1522.11c3Organizational.13-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"},{"name":"hipaa-1523.11c3Organizational.24-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"},{"name":"hipaa-1524.11a1Organizational.5-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"},{"name":"hipaa-1525.11a1Organizational.6-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"},{"name":"hipaa-1560.11d1Organizational.1-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"},{"name":"hipaa-1561.11d2Organizational.14-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"},{"name":"hipaa-1562.11d2Organizational.2-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"},{"name":"hipaa-1563.11d2Organizational.3-11.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"},{"name":"hipaa-1577.11aCSPOrganizational.1-11.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"},{"name":"hipaa-1581.02f1Organizational.7-02.f","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"},{"name":"hipaa-1587.11c2Organizational.10-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"},{"name":"hipaa-1589.11c1Organizational.5-11.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"},{"name":"hipaa-1601.12c1Organizational.1238-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"},{"name":"hipaa-1602.12c1Organizational.4567-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"},{"name":"hipaa-1603.12c1Organizational.9-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"},{"name":"hipaa-1604.12c2Organizational.16789-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"},{"name":"hipaa-1605.12c2Organizational.2-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"},{"name":"hipaa-1607.12c2Organizational.4-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"},{"name":"hipaa-1608.12c2Organizational.5-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"},{"name":"hipaa-1609.12c3Organizational.12-12.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"},{"name":"hipaa-1616.09l1Organizational.16-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"},{"name":"hipaa-1617.09l1Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"},{"name":"hipaa-1618.09l1Organizational.45-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"},{"name":"hipaa-1619.09l1Organizational.7-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"},{"name":"hipaa-1620.09l1Organizational.8-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"},{"name":"hipaa-1621.09l2Organizational.1-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"},{"name":"hipaa-1622.09l2Organizational.23-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"},{"name":"hipaa-1623.09l2Organizational.4-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"},{"name":"hipaa-1624.09l3Organizational.12-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"},{"name":"hipaa-1625.09l3Organizational.34-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"},{"name":"hipaa-1626.09l3Organizational.5-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"},{"name":"hipaa-1627.09l3Organizational.6-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"},{"name":"hipaa-1634.12b1Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"},{"name":"hipaa-1635.12b1Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"},{"name":"hipaa-1636.12b2Organizational.1-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"},{"name":"hipaa-1637.12b2Organizational.2-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"},{"name":"hipaa-1638.12b2Organizational.345-12.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"},{"name":"hipaa-1666.12d1Organizational.1235-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"},{"name":"hipaa-1667.12d1Organizational.4-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"},{"name":"hipaa-1668.12d1Organizational.67-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"},{"name":"hipaa-1669.12d1Organizational.8-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"},{"name":"hipaa-1670.12d2Organizational.1-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"},{"name":"hipaa-1671.12d2Organizational.2-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"},{"name":"hipaa-1672.12d2Organizational.3-12.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"},{"name":"hipaa-1699.09l1Organizational.10-09.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"},{"name":"hipaa-1704.03b1Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"},{"name":"hipaa-1705.03b2Organizational.12-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"},{"name":"hipaa-1706.03b1Organizational.3-03.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"},{"name":"hipaa-1707.03c1Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"},{"name":"hipaa-1708.03c2Organizational.12-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"},{"name":"hipaa-17101.10a3Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"},{"name":"hipaa-17120.10a3Organizational.5-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"},{"name":"hipaa-17126.03c1System.6-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"},{"name":"hipaa-1713.03c1Organizational.3-03.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"},{"name":"hipaa-1733.03d1Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"},{"name":"hipaa-1734.03d2Organizational.1-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"},{"name":"hipaa-1735.03d2Organizational.23-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"},{"name":"hipaa-1736.03d2Organizational.4-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"},{"name":"hipaa-1737.03d2Organizational.5-03.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"},{"name":"hipaa-1780.10a1Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"},{"name":"hipaa-1781.10a1Organizational.23-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"},{"name":"hipaa-1782.10a1Organizational.4-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"},{"name":"hipaa-1783.10a1Organizational.56-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"},{"name":"hipaa-1784.10a1Organizational.7-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"},{"name":"hipaa-1785.10a1Organizational.8-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"},{"name":"hipaa-1786.10a1Organizational.9-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"},{"name":"hipaa-1787.10a2Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"},{"name":"hipaa-1788.10a2Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"},{"name":"hipaa-1789.10a2Organizational.3-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"},{"name":"hipaa-1790.10a2Organizational.45-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"},{"name":"hipaa-1791.10a2Organizational.6-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"},{"name":"hipaa-1792.10a2Organizational.7814-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"},{"name":"hipaa-1793.10a2Organizational.91011-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"},{"name":"hipaa-1794.10a2Organizational.12-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"},{"name":"hipaa-1795.10a2Organizational.13-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"},{"name":"hipaa-1796.10a2Organizational.15-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"},{"name":"hipaa-1797.10a3Organizational.1-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"},{"name":"hipaa-1798.10a3Organizational.2-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"},{"name":"hipaa-1799.10a3Organizational.34-10.a","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"},{"name":"hipaa-1801.08b1Organizational.124-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"},{"name":"hipaa-1802.08b1Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"},{"name":"hipaa-1803.08b1Organizational.5-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"},{"name":"hipaa-1804.08b2Organizational.12-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"},{"name":"hipaa-1805.08b2Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"},{"name":"hipaa-1806.08b2Organizational.4-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"},{"name":"hipaa-1807.08b2Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"},{"name":"hipaa-1808.08b2Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"},{"name":"hipaa-1809.08b3Organizational.1-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"},{"name":"hipaa-1810.08b3Organizational.2-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"},{"name":"hipaa-18108.08j1Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"},{"name":"hipaa-18109.08j1Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"},{"name":"hipaa-1811.08b3Organizational.3-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"},{"name":"hipaa-18110.08j1Organizational.5-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"},{"name":"hipaa-18111.08j1Organizational.6-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"},{"name":"hipaa-18112.08j3Organizational.4-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"},{"name":"hipaa-1812.08b3Organizational.46-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"},{"name":"hipaa-18127.08l1Organizational.3-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"},{"name":"hipaa-1813.08b3Organizational.56-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"},{"name":"hipaa-18130.09p1Organizational.24-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"},{"name":"hipaa-18131.09p1Organizational.3-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"},{"name":"hipaa-1814.08d1Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"},{"name":"hipaa-18145.08b3Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"},{"name":"hipaa-18146.08b3Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"},{"name":"hipaa-1815.08d2Organizational.123-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"},{"name":"hipaa-1816.08d2Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"},{"name":"hipaa-1817.08d3Organizational.12-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"},{"name":"hipaa-1818.08d3Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"},{"name":"hipaa-1819.08j1Organizational.23-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"},{"name":"hipaa-1820.08j2Organizational.1-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"},{"name":"hipaa-1821.08j2Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"},{"name":"hipaa-1822.08j2Organizational.2-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"},{"name":"hipaa-1823.08j3Organizational.12-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"},{"name":"hipaa-1824.08j3Organizational.3-08.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"},{"name":"hipaa-1825.08l1Organizational.12456-08.l","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"},{"name":"hipaa-1826.09p1Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"},{"name":"hipaa-1827.09p2Organizational.1-09.p","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"},{"name":"hipaa-1844.08b1Organizational.6-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"},{"name":"hipaa-1845.08b1Organizational.7-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"},{"name":"hipaa-1846.08b2Organizational.8-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"},{"name":"hipaa-1847.08b2Organizational.910-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"},{"name":"hipaa-1848.08b2Organizational.11-08.b","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"},{"name":"hipaa-1862.08d1Organizational.3-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"},{"name":"hipaa-1863.08d1Organizational.4-08.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"},{"name":"hipaa-1901.06d1Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"},{"name":"hipaa-1902.06d1Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"},{"name":"hipaa-1903.06d1Organizational.3456711-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"},{"name":"hipaa-1904.06.d2Organizational.1-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"},{"name":"hipaa-1906.06.c1Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"},{"name":"hipaa-1907.06.c1Organizational.3-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"},{"name":"hipaa-1908.06.c1Organizational.4-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"},{"name":"hipaa-1911.06d1Organizational.13-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"},{"name":"hipaa-19134.05j1Organizational.5-05.j","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"},{"name":"hipaa-19141.06c1Organizational.7-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"},{"name":"hipaa-19142.06c1Organizational.8-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"},{"name":"hipaa-19143.06c1Organizational.9-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"},{"name":"hipaa-19144.06c2Organizational.1-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"},{"name":"hipaa-19145.06c2Organizational.2-06.c","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"},{"name":"hipaa-19242.06d1Organizational.14-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"},{"name":"hipaa-19243.06d1Organizational.15-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"},{"name":"hipaa-19245.06d2Organizational.2-06.d","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Kubernetes cluster pod security baseline standards for Linux-based workloads","policyType":"BuiltIn","description":"This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), @@ -8312,7 +12720,607 @@ interactions: Configuration","deprecated":true},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"[Deprecated]: Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]: + CMMC Level 3","policyType":"BuiltIn","description":"This initiative includes + policies that address a subset of Cybersecurity Maturity Model Certification + (CMMC) Level 3 requirements. Additional policies will be added in upcoming + releases. For more information, visit https://aka.ms/cmmc-initiative.","metadata":{"version":"3.0.0-preview","preview":true,"category":"Regulatory + Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating guest configuration policies","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine; + for more information, visit https://aka.ms/policy-pricing"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2","deprecated":true},"defaultValue":"Administrator"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network Security: Configure encryption types allowed for Kerberos","description":"Specifies + the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LAN Manager authentication level","description":"Specify + which challenge-response authentication protocol is used for network logons. + This choice affects the level of authentication protocol used by clients, + the level of session security negotiated, and the level of authentication + accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: LDAP client signing requirements","description":"Specify + the level of data signing that is requested on behalf of clients that issue + LDAP BIND requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) clients","description":"Specifies which behaviors are allowed by clients + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers + for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Network security: Minimum session security for NTLM SSP based (including secure + RPC) servers","description":"Specifies which behaviors are allowed by servers + for applications using the NTLM Security Support Provider (SSP). The SSP Interface + (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"},"effect-1221c620-d201-468c-81e7-2817e6107e84":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Security''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not restrict the minimum + password length to 14 characters","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope + when auditing Log Analytics agent deployment","description":"Example value: + ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope when + auditing Log Analytics agent deployment","description":"Example value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subscriptions should have a contact email address for security + issues","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''","deprecated":true},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Preview]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that allow re-use of the previous + 24 passwords","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not have the password complexity + setting enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Web app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-da0f98fe-a24b-4ad5-af69-bd0400233661":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines that do not store passwords using + reversible encryption","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9daedab3-fb2d-461e-b861-71790eead4f6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All network ports should be restricted on network security + groups associated to your virtual machine","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Preview]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"},"effect-a70ca396-0a34-413a-88e1-b956c1e683be":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on virtual + machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-b4d66858-c922-44e3-9566-5cdb7a7be744":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A security contact phone number should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Preview]: + List of regions where Network Watcher should be enabled","description":"Audit + if Network Watcher is not enabled for region(s).","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Preview]: + Name of the resource group for Network Watcher","description":"Name of the + resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource + group where the Network Watchers are located."},"defaultValue":"NetworkWatcherRG"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Ensure that ''HTTP Version'' is the latest, if used to + run the Function app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-efbde977-ba53-4479-b8e9-10b957924fbf":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: The Log Analytics agent should be installed on Virtual + Machine Scale Sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e6955644-301c-44b5-a4c4-528577de6861":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that do not have the passwd file permissions + set to 0644","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Security + operations (Microsoft.Security/securitySolutions/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-3b980d31-7904-4bb7-8575-5665739a8052":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Security Operation name for which activity + log alert should exist","deprecated":true},"allowedValues":["Microsoft.Security/policies/write","Microsoft.Security/securitySolutions/write","Microsoft.Security/securitySolutions/delete"],"defaultValue":[]},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Preview]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Mode Requirement","description":"Mode required for all WAF policies"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-361c2074-3595-4e5d-8cab-4f21dffc835c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection on Storage Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-b5f04e03-92a3-4b09-9410-2cc5e5047656":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deploy Advanced Threat Protection for Cosmos DB Accounts","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a1181c5f-672a-477a-979a-7d58aa086233":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Security Center standard pricing tier should be selected","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0fea8f8a-4169-495d-8307-30ec335f387d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every domain to access your API for + FHIR","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths","description":"Specifies + which registry paths will be accessible over the network, regardless of the + users or groups listed in the access control list (ACL) of the `winreg` registry + key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server + Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Remotely accessible registry paths and sub-paths","description":"Specifies + which registry paths and sub-paths will be accessible over the network, regardless + of the users or groups listed in the access control list (ACL) of the `winreg` + registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP + Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows + NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal + Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal + Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Network access: Shares that can be accessed anonymously","description":"Specifies + which network shares can be accessed by anonymous users. The default configuration + for this policy setting has little effect because all users have to be authenticated + before they can access shared resources on the server."},"defaultValue":"0"},"effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - Network Access''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + flexible servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-c9299215-ae47-4f50-9c54-8a392f68a052":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL flexible + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c9d007d0-c057-4772-b18c-01e546713bcd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should allow access from trusted Microsoft + services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation."},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed host paths for pod hostPath volumes to use","description":"The host + paths allowed for pod hostPath volumes to use. Provide an empty paths list + to block all host paths."},"defaultValue":["{\"paths\":[]}"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Preview]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network otherwise false."},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum value in the allowable host port range that pods can use in the host + network namespace","description":"The minimum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Preview]: + Maximum value in the allowable host port range that pods can use in the host + network namespace","description":"The maximum value in the allowable host + port range that pods can use in the host network namespace."},"defaultValue":0},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Admin Approval Mode for the Built-in Administrator account","description":"Specifies + the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Behavior of the elevation prompt for administrators in Admin Approval + Mode","description":"Specifies the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Detect application installations and prompt for elevation","description":"Specifies + the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + UAC: Run all administrators in Admin Approval Mode","description":"Specifies + the behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"},"effect-492a29ed-d143-4f03-b6a4-705ce081b463":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Options - User Account Control''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which remote + users on the network are permitted to connect to the computer. This does not + include Remote Desktop Connection."},"defaultValue":"Administrators, Authenticated + Users"},"UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may log on locally","description":"Specifies which users + or groups can interactively log on to the computer. Users who attempt to log + on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Remote Desktop Users","description":"Users or groups that may log on through + Remote Desktop Services"},"defaultValue":"Administrators"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied access to this computer from the network","description":"Specifies + which users or groups are explicitly prohibited from connecting to the computer + across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may manage auditing and security log","description":"Specifies + users and groups permitted to change the auditing options for files and directories + and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may back up files and directories","description":"Specifies + users and groups allowed to circumvent file and directory permissions to back + up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the system time","description":"Specifies + which users and groups are permitted to change the time and date on the internal + clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may change the time zone","description":"Specifies which + users and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators, + LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may create a token object","description":"Specifies which + users and groups are permitted to create an access token, which may provide + elevated rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a batch job","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied logging on as a service","description":"Specifies + which service accounts are explicitly not permitted to register a process + as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied local logon","description":"Specifies which + users and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that are denied log on through Remote Desktop Services","description":"Specifies + which users and groups are explicitly not permitted to log on to the computer + via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + User and groups that may force shutdown from a remote system","description":"Specifies + which users and groups are permitted to shut down the computer from a remote + location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may restore files and directories","description":"Specifies + which users and groups are permitted to bypass file, directory, registry, + and other persistent object permissions when restoring backed up files and + directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users and groups that may shut down the system","description":"Specifies which + users and groups who are logged on locally to the computers in your environment + are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Users or groups that may take ownership of files or other objects","description":"Specifies + which users and groups are permitted to take ownership of files, folders, + registry keys, processes, or threads. This user right bypasses any permissions + that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"},"effect-e068b215-0026-4354-b347-8fb2766f73a2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''User Rights + Assignment''","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-87845465-c458-45f3-af66-dcd62176f397":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Privilege Use''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations","description":"For more information about effects, visit https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"operationName-b954148f-4c11-4c38-8221-be76711e194a":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Administrative Operation name for which activity + log alert should be configured","deprecated":true},"allowedValues":["Microsoft.Sql/servers/firewallRules/write","Microsoft.Sql/servers/firewallRules/delete","Microsoft.Network/networkSecurityGroups/write","Microsoft.Network/networkSecurityGroups/delete","Microsoft.ClassicNetwork/networkSecurityGroups/write","Microsoft.ClassicNetwork/networkSecurityGroups/delete","Microsoft.Network/networkSecurityGroups/securityRules/write","Microsoft.Network/networkSecurityGroups/securityRules/delete","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write","Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"],"defaultValue":[]},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Sql/servers/firewallRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Administrative + operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Virtual machines should have the Guest Configuration extension","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Guest Configuration extension should be deployed to Azure + virtual machines with system assigned managed identity","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor log profile should collect logs for categories + ''write,'' ''delete,'' and ''action''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An activity log alert should exist for specific Policy + operations (Microsoft.Authorization/policyAssignments/delete)","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858":{"type":"String","metadata":{"displayName":"[Preview]: + Operation Name","description":"Policy Operation name for which activity log + alert should exist","deprecated":true},"allowedValues":["Microsoft.Authorization/policyAssignments/write","Microsoft.Authorization/policyAssignments/delete"],"defaultValue":[]},"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Monitor should collect activity logs from all regions","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"TimeZone-c633f6a2-7f8b-4d9e-9456-02f0f04f5505":{"type":"String","metadata":{"displayName":"[Preview]: + Time zone","description":"The expected time zone","deprecated":true},"allowedValues":[],"defaultValue":[]},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bb91dfba-c30d-4263-9add-9c2384e659a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Non-internet-facing virtual machines should be protected + with network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed key types","description":"The list of allowed key types"},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM","EC","EC-HSM"]},"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should be the specified cryptographic type RSA or + EC","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size for keys","description":"The minimum key size for RSA + keys."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-82067dbb-e53b-4e06-b631-546d197452d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using RSA cryptography should have a specified minimum + key size","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0":{"type":"Integer","metadata":{"displayName":"[Preview]: + Minimum RSA key size certificates","description":"The minimum key size for + RSA certificates."},"allowedValues":[2048,3072,4096],"defaultValue":2048},"effect-cee51871-e572-4576-855c-047c820360f0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Certificates using RSA cryptography should have the specified + minimum key size","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed elliptic curve names","description":"The list of allowed curve names + for elliptic curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys using elliptic curve cryptography should have the + specified curve names","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-24fba194-95d6-48c0-aea7-f65bf859c598":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for PostgreSQL servers","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-3a58212a-c829-4f13-9872-6371df2fd0b4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Infrastructure encryption should be enabled for Azure Database + for MySQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should have infrastructure encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Data Box jobs should enable double encryption for + data at rest on the device","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8":{"type":"Array","metadata":{"displayName":"[Preview]: + Azure Data Box SKUs that support software-based double encryption","description":"The + list of Azure Data Box SKUs that support software-based double encryption"},"allowedValues":["DataBox","DataBoxHeavy"],"defaultValue":["DataBox","DataBoxHeavy"]},"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Double encryption should be enabled on Azure Data Explorer","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL managed instances should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-051cba44-2429-45b9-9649-46cec11c7119":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure API for FHIR should use a customer-managed key to + encrypt data at rest","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","disabled"],"defaultValue":"audit"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: SQL servers should use customer-managed keys to encrypt + data at rest","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Unattached disks should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Both operating systems and data disks in Azure Kubernetes + Service clusters should be encrypted by customer-managed keys","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Stream Analytics jobs should use customer-managed + keys to encrypt data","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-f7d52b2d-e161-4dfa-a82b-55e564167385":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure Synapse workspaces should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft Antimalware for Azure should be configured to + automatically update protection signatures","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Keys should have expiration dates set","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-123a3936-f020-408a-ba0c-47873faf1534":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Allowlist rules in your adaptive application control policy + should be updated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Linux machines should meet requirements for the Azure security + baseline","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authentication Policy Change","description":"Specifies whether audit + events are generated when changes are made to authentication policy. This + setting is useful for tracking changes in domain-level and forest-level trust + and privileges that are granted to user accounts or groups."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Audit Authorization Policy Change","description":"Specifies whether audit + events are generated for assignment and removal of user rights in user right + policies, changes in security token object permission, resource attributes + changes and Central Access Policy changes for file system objects."},"allowedValues":["No + Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''System + Audit Policies - Policy Change''","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["CMMC_L3_AC.3.017"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"0b15565f-aa9e-48ba-8619-45960f2c314d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"3cf2ab00-13f1-4d0c-8971-2ac904541a7e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"497dff13-db2a-4c0f-8603-28fa3b331ab6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_AC.3.021","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081"]},{"policyDefinitionReferenceId":"1221c620-d201-468c-81e7-2817e6107e84","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84'')]"},"effect":{"value":"[parameters(''effect-1221c620-d201-468c-81e7-2817e6107e84'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.2.064","CMMC_L3_IA.1.077","CMMC_L3_IA.2.078","CMMC_L3_IA.2.079","CMMC_L3_IA.2.081","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a2d0e922-65d0-40c4-8f87-ea6da2d307a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_SI.1.211"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183","CMMC_L3_SC.3.185","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.061","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068","CMMC_L3_CM.3.069"]},{"policyDefinitionReferenceId":"496223c3-ad65-4ecd-878a-bae78737e9ed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["CMMC_L3_AC.3.017","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.007"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["CMMC_L3_AC.1.001"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"7008174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7238174a-fd10-4ef0-817e-fc820a951d73","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"7261b898-8a84-4db8-9e04-18527132abb3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"5b054a0d-39e2-4d53-bea3-9734cad2c69b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b'')]"}},"groupNames":["CMMC_L3_IA.2.079"]},{"policyDefinitionReferenceId":"74c3584d-afae-46f7-a20a-6f8adba71a16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"bf16e0bb-31e1-4646-8202-60a235cc7e74","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-bf16e0bb-31e1-4646-8202-60a235cc7e74'')]"}},"groupNames":["CMMC_L3_IA.2.078"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_AU.3.048","CMMC_L3_AU.3.049"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"88999f4c-376a-45c8-bcb3-4058f713cf39","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8c122334-9d20-4eb8-89ea-ac9a705b74ae","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{"effect":{"value":"[parameters(''effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"da0f98fe-a24b-4ad5-af69-bd0400233661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-da0f98fe-a24b-4ad5-af69-bd0400233661'')]"}},"groupNames":["CMMC_L3_IA.2.081","CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"991310cd-e9f3-47bc-b7b6-f57b557d07db","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{"effect":{"value":"[parameters(''effect-991310cd-e9f3-47bc-b7b6-f57b557d07db'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"9daedab3-fb2d-461e-b861-71790eead4f6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''effect-9daedab3-fb2d-461e-b861-71790eead4f6'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161"]},{"policyDefinitionReferenceId":"a70ca396-0a34-413a-88e1-b956c1e683be","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","parameters":{"effect":{"value":"[parameters(''effect-a70ca396-0a34-413a-88e1-b956c1e683be'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.046","CMMC_L3_CM.2.064","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_SC.3.191","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_IR.2.093","CMMC_L3_SI.1.211","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["CMMC_L3_AC.2.013","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e2c1c086-2d84-4019-bff3-c44ccd95113c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{"effect":{"value":"[parameters(''effect-e2c1c086-2d84-4019-bff3-c44ccd95113c'')]"}},"groupNames":["CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["CMMC_L3_IA.1.077","CMMC_L3_IA.3.083","CMMC_L3_IA.3.084","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.013"]},{"policyDefinitionReferenceId":"efbde977-ba53-4479-b8e9-10b957924fbf","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","parameters":{"effect":{"value":"[parameters(''effect-efbde977-ba53-4479-b8e9-10b957924fbf'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"e6955644-301c-44b5-a4c4-528577de6861","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-e6955644-301c-44b5-a4c4-528577de6861'')]"}},"groupNames":["CMMC_L3_IA.1.077"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.1.176","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["CMMC_L3_IA.3.084","CMMC_L3_SC.1.175","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"fb893a29-21bb-418c-a157-e99480ec364c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["CMMC_L3_RM.2.143","CMMC_L3_SI.1.210"]},{"policyDefinitionReferenceId":"3b980d31-7904-4bb7-8575-5665739a8052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052","parameters":{"effect":{"value":"[parameters(''effect-3b980d31-7904-4bb7-8575-5665739a8052'')]"},"operationName":{"value":"Microsoft.Security/securitySolutions/delete"}},"groupNames":["CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.065","CMMC_L3_IR.2.093","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"6e2593d9-add6-4083-9c9b-4b7d2188c899","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"c251913d-7d24-4958-af87-478ed3b9ba41","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41","parameters":{},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"383856f8-de7f-44a2-81fc-e5135b5c2aa4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["CMMC_L3_AU.3.048"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"361c2074-3595-4e5d-8cab-4f21dffc835c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","parameters":{"effect":{"value":"[parameters(''effect-361c2074-3595-4e5d-8cab-4f21dffc835c'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"b5f04e03-92a3-4b09-9410-2cc5e5047656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","parameters":{"effect":{"value":"[parameters(''effect-b5f04e03-92a3-4b09-9410-2cc5e5047656'')]"}},"groupNames":["CMMC_L3_IR.2.093"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["CMMC_L3_AC.1.003","CMMC_L3_AC.2.016","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"013e242c-8828-4970-87b3-ab247555486d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"d38fc420-0735-4ef3-ac11-c806f651a570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"a1181c5f-672a-477a-979a-7d58aa086233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{"effect":{"value":"[parameters(''effect-a1181c5f-672a-477a-979a-7d58aa086233'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0e6763cc-5078-4e64-889d-ff4d9a839047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SC.3.187","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"2913021d-f2fd-4f3d-b958-22354e2bdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"308fbb08-4ab8-4e67-9b29-592e93fb94fa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"4da35fc9-c9e7-4960-aec9-797fe7d9051d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"523b5cd1-3e23-492f-a539-13118b6d1e3a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"6581d072-105e-4418-827f-bd446d56421b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["CMMC_L3_IR.2.093","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144","CMMC_L3_SI.1.213","CMMC_L3_SI.2.216"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.013","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.2.179","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"037eea7a-bd0a-46c5-9a66-03aea78705d3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0725b4dd-7e76-479c-a735-68e7ee23d5ca","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0820b7b9-23aa-4725-a1ce-ae4558f718e5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"0fea8f8a-4169-495d-8307-30ec335f387d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d","parameters":{"effect":{"value":"[parameters(''effect-0fea8f8a-4169-495d-8307-30ec335f387d'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003"]},{"policyDefinitionReferenceId":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"},"effect":{"value":"[parameters(''effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48","parameters":{"effect":{"value":"[parameters(''effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.007","CMMC_L3_AC.2.016","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"b52376f7-9612-48a1-81cd-1ffe4b61032c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9299215-ae47-4f50-9c54-8a392f68a052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052","parameters":{"effect":{"value":"[parameters(''effect-c9299215-ae47-4f50-9c54-8a392f68a052'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"c9d007d0-c057-4772-b18c-01e546713bcd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{"effect":{"value":"[parameters(''effect-c9d007d0-c057-4772-b18c-01e546713bcd'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d0793b48-0edc-4296-a390-4c75d1bdfd71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d9844e8a-1437-4aeb-a32c-0c992f056095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e372f825-a257-4fb8-9175-797a8a8627d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.1.003","CMMC_L3_AC.2.015","CMMC_L3_AC.2.016"]},{"policyDefinitionReferenceId":"fdccbe47-f3e3-4213-ad5d-ea459b2fa077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_AC.2.016","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"d158790f-bfb0-486c-8631-2dc6b4e8e6af","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["CMMC_L3_AC.1.002","CMMC_L3_SC.3.185","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"82985f06-dc18-4a48-bc1c-b9f4f0098cfe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"namespaces":{"value":"[parameters(''namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"55615ac9-af46-4a59-874e-391cc3dfb490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["CMMC_L3_AC.1.001","CMMC_L3_AC.1.002","CMMC_L3_CM.2.064","CMMC_L3_IR.2.093","CMMC_L3_SC.3.183","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"492a29ed-d143-4f03-b6a4-705ce081b463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463'')]"},"effect":{"value":"[parameters(''effect-492a29ed-d143-4f03-b6a4-705ce081b463'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021","CMMC_L3_CM.2.063"]},{"policyDefinitionReferenceId":"e068b215-0026-4354-b347-8fb2766f73a2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2'')]"},"effect":{"value":"[parameters(''effect-e068b215-0026-4354-b347-8fb2766f73a2'')]"}},"groupNames":["CMMC_L3_AC.2.008","CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"87845465-c458-45f3-af66-dcd62176f397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-87845465-c458-45f3-af66-dcd62176f397'')]"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_CM.2.062"]},{"policyDefinitionReferenceId":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["CMMC_L3_AC.3.018"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete'')]"},"operationName":{"value":"Microsoft.Sql/servers/firewallRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.Network/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b954148f-4c11-4c38-8221-be76711e194a-4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a","parameters":{"effect":{"value":"[parameters(''effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete'')]"},"operationName":{"value":"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"}},"groupNames":["CMMC_L3_AC.3.018","CMMC_L3_AC.3.021","CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"ae89ebca-1c92-4898-ac2c-9f63decb045c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c","parameters":{"effect":{"value":"[parameters(''effect-ae89ebca-1c92-4898-ac2c-9f63decb045c'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"d26f7642-7545-4e18-9b75-8c9bbdee3a9a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a","parameters":{"effect":{"value":"[parameters(''effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a'')]"}},"groupNames":["CMMC_L3_AC.3.021"]},{"policyDefinitionReferenceId":"1a4e592a-6a6e-44a5-9814-e36264ca96e7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{"effect":{"value":"[parameters(''effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"c5447c04-a4d7-4ba8-a263-c9ee321a6858","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858","parameters":{"effect":{"value":"[parameters(''effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858'')]"},"operationName":{"value":"Microsoft.Authorization/policyAssignments/delete"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_AU.3.049","CMMC_L3_CM.2.061","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{"effect":{"value":"[parameters(''effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9'')]"}},"groupNames":["CMMC_L3_AU.2.041","CMMC_L3_AU.2.042","CMMC_L3_CM.2.065","CMMC_L3_SI.2.216","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["CMMC_L3_AU.2.042","CMMC_L3_SI.2.217"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["CMMC_L3_IR.2.092","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143","CMMC_L3_RM.3.144"]},{"policyDefinitionReferenceId":"0ec47710-77ff-4a3d-9181-6aa50af424d0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"48af4db5-9b8b-401c-8e74-076be876a430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"82339799-d096-41ae-8538-b108becf0970","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["CMMC_L3_RE.2.137","CMMC_L3_RE.3.139"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"5f0f936f-2f01-4bf5-b6be-d423792fa562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_RM.2.141","CMMC_L3_RM.2.142","CMMC_L3_RM.2.143"]},{"policyDefinitionReferenceId":"bb91dfba-c30d-4263-9add-9c2384e659a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6","parameters":{"effect":{"value":"[parameters(''effect-bb91dfba-c30d-4263-9add-9c2384e659a6'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.175","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"e71308d3-144b-4262-b144-efdc3cc90517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["CMMC_L3_CM.3.068","CMMC_L3_SC.1.176","CMMC_L3_SC.3.180","CMMC_L3_SC.3.183"]},{"policyDefinitionReferenceId":"75c4f823-d65c-4f29-a733-01d0077fdbcb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb","parameters":{"allowedKeyTypes":{"value":"[parameters(''allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"},"effect":{"value":"[parameters(''effect-75c4f823-d65c-4f29-a733-01d0077fdbcb'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"82067dbb-e53b-4e06-b631-546d197452d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9'')]"},"effect":{"value":"[parameters(''effect-82067dbb-e53b-4e06-b631-546d197452d9'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"cee51871-e572-4576-855c-047c820360f0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","parameters":{"minimumRSAKeySize":{"value":"[parameters(''minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0'')]"},"effect":{"value":"[parameters(''effect-cee51871-e572-4576-855c-047c820360f0'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.190"]},{"policyDefinitionReferenceId":"ff25f3c8-b739-4538-9d07-3d6d25cfb255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255","parameters":{"allowedECNames":{"value":"[parameters(''allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"},"effect":{"value":"[parameters(''effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"24fba194-95d6-48c0-aea7-f65bf859c598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598","parameters":{"effect":{"value":"[parameters(''effect-24fba194-95d6-48c0-aea7-f65bf859c598'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"2bdd0062-9d75-436e-89df-487dd8e4b3c7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3a58212a-c829-4f13-9872-6371df2fd0b4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4","parameters":{"effect":{"value":"[parameters(''effect-3a58212a-c829-4f13-9872-6371df2fd0b4'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"4733ea7b-a883-42fe-8cac-97454c2a9e4a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a","parameters":{"effect":{"value":"[parameters(''effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"67121cc7-ff39-4ab8-b7e3-95b84dab487d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"6fac406b-40ca-413b-bf8e-0bf964659c25","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"81e74cea-30fd-40d5-802f-d72103c2aaaa","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa","parameters":{"effect":{"value":"[parameters(''effect-81e74cea-30fd-40d5-802f-d72103c2aaaa'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"a7ff3161-0087-490a-9ad9-ad6217f4f43a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"c349d81b-9985-44ae-a8da-ff98d108ede8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8","parameters":{"effect":{"value":"[parameters(''effect-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"},"supportedSKUs":{"value":"[parameters(''supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"f4b53539-8df9-40e4-86c6-6b607703bd4e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e","parameters":{"effect":{"value":"[parameters(''effect-f4b53539-8df9-40e4-86c6-6b607703bd4e'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1","parameters":{"effect":{"value":"[parameters(''effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"048248b0-55cd-46da-b1ff-39efd52db260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"051cba44-2429-45b9-9649-46cec11c7119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119","parameters":{"effect":{"value":"[parameters(''effect-051cba44-2429-45b9-9649-46cec11c7119'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"0d134df8-db83-46fb-ad72-fe0c9428c8dd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"3657f5a0-770e-44a3-b44e-9431ba1e9735","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"617c02be-7f02-4efd-8836-3180d47b6c68","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["CMMC_L3_SC.3.177","CMMC_L3_SC.3.191"]},{"policyDefinitionReferenceId":"7d7be79c-23ba-4033-84dd-45e2a5ccdd67","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67","parameters":{"effect":{"value":"[parameters(''effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"87ba29ef-1ab3-4d82-b763-87fcd4f531f7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7","parameters":{"effect":{"value":"[parameters(''effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"f7d52b2d-e161-4dfa-a82b-55e564167385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385","parameters":{"effect":{"value":"[parameters(''effect-f7d52b2d-e161-4dfa-a82b-55e564167385'')]"}},"groupNames":["CMMC_L3_SC.3.177"]},{"policyDefinitionReferenceId":"c43e4a30-77cb-48ab-a4dd-93f175c63b57","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","parameters":{"effect":{"value":"[parameters(''effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57'')]"}},"groupNames":["CMMC_L3_SI.1.210","CMMC_L3_SI.1.211","CMMC_L3_SI.1.212","CMMC_L3_SI.1.213"]},{"policyDefinitionReferenceId":"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0","parameters":{"effect":{"value":"[parameters(''effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["CMMC_L3_SC.3.187"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["CMMC_L3_SC.3.181"]},{"policyDefinitionReferenceId":"123a3936-f020-408a-ba0c-47873faf1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534","parameters":{"effect":{"value":"[parameters(''effect-123a3936-f020-408a-ba0c-47873faf1534'')]"}},"groupNames":["CMMC_L3_CA.2.158","CMMC_L3_CA.3.161","CMMC_L3_CM.2.063","CMMC_L3_CM.3.068"]},{"policyDefinitionReferenceId":"fc9b3da7-8347-4380-8e70-0a0361d8dedd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"effect":{"value":"[parameters(''effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd'')]"}},"groupNames":["CMMC_L3_CM.2.061"]},{"policyDefinitionReferenceId":"2a7a701e-dff3-4da9-9ec5-42cb98594c0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"},"effect":{"value":"[parameters(''effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b'')]"}},"groupNames":["CMMC_L3_CM.2.065"]}],"policyDefinitionGroups":[{"name":"CMMC_L3_AC.1.001","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.001"},{"name":"CMMC_L3_AC.1.002","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.002"},{"name":"CMMC_L3_AC.1.003","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.003"},{"name":"CMMC_L3_AC.1.004","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.004"},{"name":"CMMC_L3_AC.2.005","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.005"},{"name":"CMMC_L3_AC.2.006","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.006"},{"name":"CMMC_L3_AC.2.007","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.007"},{"name":"CMMC_L3_AC.2.008","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.008"},{"name":"CMMC_L3_AC.2.009","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.009"},{"name":"CMMC_L3_AC.2.010","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.010"},{"name":"CMMC_L3_AC.2.011","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.011"},{"name":"CMMC_L3_AC.2.013","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.013"},{"name":"CMMC_L3_AC.2.015","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.015"},{"name":"CMMC_L3_AC.2.016","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.016"},{"name":"CMMC_L3_AC.3.012","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.012"},{"name":"CMMC_L3_AC.3.014","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.014"},{"name":"CMMC_L3_AC.3.017","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.017"},{"name":"CMMC_L3_AC.3.018","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.018"},{"name":"CMMC_L3_AC.3.019","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.019"},{"name":"CMMC_L3_AC.3.020","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.020"},{"name":"CMMC_L3_AC.3.021","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.021"},{"name":"CMMC_L3_AC.3.022","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.022"},{"name":"CMMC_L3_AM.3.036","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AM.3.036"},{"name":"CMMC_L3_AT.2.056","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.056"},{"name":"CMMC_L3_AT.2.057","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.057"},{"name":"CMMC_L3_AT.3.058","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.3.058"},{"name":"CMMC_L3_AU.2.041","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.041"},{"name":"CMMC_L3_AU.2.042","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.042"},{"name":"CMMC_L3_AU.2.043","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.043"},{"name":"CMMC_L3_AU.2.044","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.044"},{"name":"CMMC_L3_AU.3.045","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.045"},{"name":"CMMC_L3_AU.3.046","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.046"},{"name":"CMMC_L3_AU.3.048","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.048"},{"name":"CMMC_L3_AU.3.049","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.049"},{"name":"CMMC_L3_AU.3.050","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.050"},{"name":"CMMC_L3_AU.3.051","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.051"},{"name":"CMMC_L3_AU.3.052","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.052"},{"name":"CMMC_L3_CA.2.157","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.157"},{"name":"CMMC_L3_CA.2.158","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.158"},{"name":"CMMC_L3_CA.2.159","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.159"},{"name":"CMMC_L3_CA.3.161","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.161"},{"name":"CMMC_L3_CA.3.162","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.162"},{"name":"CMMC_L3_CM.2.061","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.061"},{"name":"CMMC_L3_CM.2.062","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.062"},{"name":"CMMC_L3_CM.2.063","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.063"},{"name":"CMMC_L3_CM.2.064","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.064"},{"name":"CMMC_L3_CM.2.065","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.065"},{"name":"CMMC_L3_CM.2.066","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.066"},{"name":"CMMC_L3_CM.3.067","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.067"},{"name":"CMMC_L3_CM.3.068","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.068"},{"name":"CMMC_L3_CM.3.069","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.069"},{"name":"CMMC_L3_IA.1.076","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.076"},{"name":"CMMC_L3_IA.1.077","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.077"},{"name":"CMMC_L3_IA.2.078","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.078"},{"name":"CMMC_L3_IA.2.079","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.079"},{"name":"CMMC_L3_IA.2.080","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.080"},{"name":"CMMC_L3_IA.2.081","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.081"},{"name":"CMMC_L3_IA.2.082","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.082"},{"name":"CMMC_L3_IA.3.083","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.083"},{"name":"CMMC_L3_IA.3.084","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.084"},{"name":"CMMC_L3_IA.3.085","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.085"},{"name":"CMMC_L3_IA.3.086","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.086"},{"name":"CMMC_L3_IR.2.092","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.092"},{"name":"CMMC_L3_IR.2.093","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.093"},{"name":"CMMC_L3_IR.2.094","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.094"},{"name":"CMMC_L3_IR.2.096","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.096"},{"name":"CMMC_L3_IR.2.097","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.097"},{"name":"CMMC_L3_IR.3.098","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.098"},{"name":"CMMC_L3_IR.3.099","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.099"},{"name":"CMMC_L3_MA.2.111","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.111"},{"name":"CMMC_L3_MA.2.112","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.112"},{"name":"CMMC_L3_MA.2.113","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.113"},{"name":"CMMC_L3_MA.2.114","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.114"},{"name":"CMMC_L3_MA.3.115","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.115"},{"name":"CMMC_L3_MA.3.116","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.116"},{"name":"CMMC_L3_MP.1.118","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.1.118"},{"name":"CMMC_L3_MP.2.119","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.119"},{"name":"CMMC_L3_MP.2.120","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.120"},{"name":"CMMC_L3_MP.2.121","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.121"},{"name":"CMMC_L3_MP.3.122","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.122"},{"name":"CMMC_L3_MP.3.123","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.123"},{"name":"CMMC_L3_MP.3.124","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.124"},{"name":"CMMC_L3_MP.3.125","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.125"},{"name":"CMMC_L3_PE.1.131","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.131"},{"name":"CMMC_L3_PE.1.132","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.132"},{"name":"CMMC_L3_PE.1.133","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.133"},{"name":"CMMC_L3_PE.1.134","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.134"},{"name":"CMMC_L3_PE.2.135","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.2.135"},{"name":"CMMC_L3_PE.3.136","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.3.136"},{"name":"CMMC_L3_PS.2.127","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.127"},{"name":"CMMC_L3_PS.2.128","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.128"},{"name":"CMMC_L3_RE.2.137","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.137"},{"name":"CMMC_L3_RE.2.138","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.138"},{"name":"CMMC_L3_RE.3.139","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.3.139"},{"name":"CMMC_L3_RM.2.141","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.141"},{"name":"CMMC_L3_RM.2.142","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.142"},{"name":"CMMC_L3_RM.2.143","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.143"},{"name":"CMMC_L3_RM.3.144","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.144"},{"name":"CMMC_L3_RM.3.146","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.146"},{"name":"CMMC_L3_RM.3.147","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.147"},{"name":"CMMC_L3_SA.3.169","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SA.3.169"},{"name":"CMMC_L3_SC.1.175","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.175"},{"name":"CMMC_L3_SC.1.176","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.176"},{"name":"CMMC_L3_SC.2.178","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.178"},{"name":"CMMC_L3_SC.2.179","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.179"},{"name":"CMMC_L3_SC.3.177","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.177"},{"name":"CMMC_L3_SC.3.180","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.180"},{"name":"CMMC_L3_SC.3.181","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.181"},{"name":"CMMC_L3_SC.3.182","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.182"},{"name":"CMMC_L3_SC.3.183","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.183"},{"name":"CMMC_L3_SC.3.184","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.184"},{"name":"CMMC_L3_SC.3.185","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.185"},{"name":"CMMC_L3_SC.3.186","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.186"},{"name":"CMMC_L3_SC.3.187","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.187"},{"name":"CMMC_L3_SC.3.188","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.188"},{"name":"CMMC_L3_SC.3.189","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.189"},{"name":"CMMC_L3_SC.3.190","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.190"},{"name":"CMMC_L3_SC.3.191","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.191"},{"name":"CMMC_L3_SC.3.192","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.192"},{"name":"CMMC_L3_SC.3.193","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.193"},{"name":"CMMC_L3_SI.1.210","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.210"},{"name":"CMMC_L3_SI.1.211","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.211"},{"name":"CMMC_L3_SI.1.212","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.212"},{"name":"CMMC_L3_SI.1.213","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.213"},{"name":"CMMC_L3_SI.2.214","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.214"},{"name":"CMMC_L3_SI.2.216","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.216"},{"name":"CMMC_L3_SI.2.217","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.217"},{"name":"CMMC_L3_SI.3.218","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.218"},{"name":"CMMC_L3_SI.3.219","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.219"},{"name":"CMMC_L3_SI.3.220","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.220"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de","type":"Microsoft.Authorization/policySetDefinitions","name":"b5629c75-5c77-4422-87b9-2509e680f8de"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates @@ -8345,7 +13353,527 @@ interactions: on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"version":"1.0.0-deprecated","category":"Guest Configuration","deprecated":true},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"[Deprecated]: Number of days","description":"The number of days without restart until the - machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Preview]: + machine is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Deprecated]: + Azure Security Benchmark v2","policyType":"BuiltIn","description":"This initiative + has been deprecated. The Azure Security Benchmark v2 policy set is now represented + in the consolidated Azure Security Benchmark initiative, which also serves + as the Azure Security Center default policy initiative. Please assign that + initiative, or manage its policies and compliance results within Azure Security + Center","metadata":{"version":"2.0.1-deprecated","deprecated":true,"category":"Regulatory + Compliance"},"parameters":{"effect-e71308d3-144b-4262-b144-efdc3cc90517":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Subnets should be associated with a Network Security Group","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-bd352bd5-2853-4985-bf0d-73806b4a5744":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: IP Forwarding on your virtual machine should be disabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22730e10-96f6-4aac-ad84-9383d35b5917":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports should be closed on your virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: All Internet traffic should be routed via your deployed + Azure Firewall","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Authorized IP ranges should be defined on Kubernetes Services","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive Network Hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-55615ac9-af46-4a59-874e-391cc3dfb490":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Firewall should be enabled on Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB accounts should have firewall rules","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for Cognitive + Services accounts","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should restrict network access using virtual + network rules","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should not allow unrestricted network + access","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for PostgreSQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d9844e8a-1437-4aeb-a32c-0c992f056095":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Public network access should be disabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API Management services should use a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b":{"type":"Array","metadata":{"displayName":"[Deprecated]: + API Management SKUs that should use a virtual network","description":"List + of API Management SKUs against which this policy will be evaluated"},"allowedValues":["Developer","Basic","Standard","Premium","Consumption"],"defaultValue":["Developer","Premium"]},"effect-0564d078-92f5-4f97-8398-b9f58a51f70b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for PostgreSQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0a1302fb-a631-4106-9753-f3d494733990":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MariaDB servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7595c971-233d-4bcf-bd18-596129188c49":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be enabled for MySQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2154edb9-244f-4741-9970-660785bccdaa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: VM Image Builder templates should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-40cec1dd-a100-4920-b15b-3024fe8901ab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should use private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-4b90e17e-8448-49db-875e-bd83fb6f804f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid topics should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-53503636-bcc9-4748-9663-5348217f160f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure SignalR Service should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5f0bc445-3935-4915-9981-011aa2b46147":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Private endpoint should be configured for Key Vault","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-6edd7eda-6dd8-40f7-810d-67160c639cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use a private link connection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9830b652-8523-49cc-b1b3-e17dce1127ca":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Event Grid domains should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ca610c1d-041c-4332-9d88-7ed3094967c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: App Configuration should use a private link","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should use private links","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cache for Redis should reside within a virtual network","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Spring Cloud should use network injection","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled","Deny"],"defaultValue":"Audit"},"evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Azure Spring Cloud SKUs that should use network injection","description":"List + of Azure Spring Cloud SKUs against which this policy will be evaluated"},"allowedValues":["Standard"],"defaultValue":["Standard"]},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SSH access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e372f825-a257-4fb8-9175-797a8a8627d6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: RDP access from the Internet should be blocked","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2b9ad585-36bc-4615-b300-fd4435808332":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Managed identity should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6646a0bd-e110-40ca-bb97-84fcee63c414":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service principals should be used to protect your subscriptions + instead of management certificates","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with read permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes + Services","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit usage of custom RBAC rules","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Custom subscription owner roles should not exist","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Sensitive data in your SQL databases should be classified","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Storage should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6581d072-105e-4418-827f-bd446d56421b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for SQL servers on machines should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Azure SQL Database servers should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for MySQL database + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce SSL connection should be enabled for PostgreSQL + database servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-399b2637-a50f-4f95-96f8-3a145476eb15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS should be required in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: FTPS only should be required in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Enforce HTTPS ingress in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Enforce HTTPS ingress in Kubernetes + cluster","description":"List of Kubernetes namespaces to exclude from policy + evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Deprecated]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL server TDE protector should be encrypted with your + own key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-048248b0-55cd-46da-b1ff-39efd52db260":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: SQL Managed Instance TDE protector should be encrypted + with your own key","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automation account variables should be encrypted","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-617c02be-7f02-4efd-8836-3180d47b6c68":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel + property set to EncryptAndSign","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should use customer owned storage + or enable data encryption.","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Cosmos DB account should use customer-managed keys + to encrypt data at rest","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Container registries should be encrypted with a customer-managed + key","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Cognitive Services accounts should enable data encryption + with customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-6fac406b-40ca-413b-bf8e-0bf964659c25":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage account should use customer-managed key for encryption","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Machine Learning workspaces should be encrypted with + a customer-managed key","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + PostgreSQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Bring your own key data protection should be enabled for + MySQL servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Virtual machines should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Storage accounts should be migrated to new Azure Resource + Manager resources","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e6763cc-5078-4e64-889d-ff4d9a839047":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for App Service should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for servers should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for Kubernetes should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Defender for container registries should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Windows virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-04c4380f-3fae-46e8-96c9-30193528f602":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Network traffic data collection agent should be installed + on Linux virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of regions where Network Watcher should be enabled","description":"To + see a complete list of regions, run the PowerShell command Get-AzLocation","strongType":"location"},"defaultValue":["[]"]},"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":{"type":"String","metadata":{"displayName":"[Deprecated]: + Name of the resource group for Network Watcher","description":"Name of the + resource group where Network Watchers are located"},"defaultValue":"NetworkWatcherRG"},"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Data Lake Store should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Data Lake Store resource logs"},"defaultValue":"365"},"effect-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Logic Apps should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Logic Apps resource logs"},"defaultValue":"365"},"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in IoT Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for IoT Hub resource logs"},"defaultValue":"365"},"effect-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Batch accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Batch resource logs"},"defaultValue":"365"},"effect-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Include AKS clusters when auditing if virtual machine scale set resource logs + are enabled"},"defaultValue":false},"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Event Hub should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Event Hub resource logs"},"defaultValue":"365"},"effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Search services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Search resource logs"},"defaultValue":"365"},"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in App Services should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Data Lake Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Data Lake Analytics resource logs"},"defaultValue":"365"},"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Key Vault should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Key Vault resource logs"},"defaultValue":"365"},"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Service Bus should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Service Bus resource logs"},"defaultValue":"365"},"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Resource logs in Azure Stream Analytics should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required retention period (days) for Azure Stream Analytics resource logs"},"defaultValue":"365"},"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Auditing on SQL server should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Required auditing setting for SQL servers"},"allowedValues":["enabled","Disabled"],"defaultValue":"enabled"},"effect-a4fe33eb-e377-4efb-ab31-0784311bc499":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine for Azure Security Center monitoring","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your virtual + machine scale sets for Azure Security Center monitoring","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-475aae12-b88a-4572-8b36-9b712b2b3a17":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Automatic provisioning of the Log Analytics monitoring + agent should be enabled on your subscription","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent health issues should be resolved on + your machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Linux Azure + Arc machines","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Log Analytics agent should be installed on your Windows + Azure Arc machines","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A security contact email address should be provided for + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification for high severity alerts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0b15565f-aa9e-48ba-8619-45960f2c314d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Email notification to subscription owner for high severity + alerts should be enabled","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your Function + Apps","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: CORS should not allow every resource to access your API + App","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure API app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-eaebaea7-8013-4ceb-9d14-7eb32271373c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure Function app has ''Client Certificates (Incoming + client certificates)'' set to ''On''","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-5bb220d9-2698-4ee4-8404-b9c30c9df609":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure WEB app has ''Client Certificates (Incoming client + certificates)'' set to ''On''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Policy Add-on for Kubernetes service (AKS) should + be installed and enabled on your clusters","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Allowed container images for Kubernetes clusters","description":"Regular expression + used to match allowed container images in a Kubernetes cluster; Ex: allow + any Azure Container Registry image by matching partial path: ^.+azurecr.io/.+$"},"defaultValue":"^(.+){0}$"},"effect-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure only allowed container images in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure only allowed container + images in Kubernetes cluster","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-95edb821-ddaf-4404-9732-666045e056b4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Do not allow privileged containers in Kubernetes cluster","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Do not allow privileged containers + in Kubernetes cluster","description":"List of Kubernetes namespaces to exclude + from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed container ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure containers listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure containers listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Allowed services ports in Kubernetes clusters"},"defaultValue":["-1"]},"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure services listen only on allowed ports in Kubernetes + cluster","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure services listen only + on allowed ports in Kubernetes cluster","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes clusters should not allow container privilege + escalation","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes clusters should + not allow container privilege escalation","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed CPU units for containers in Kubernetes clusters","description":"Ex: + 200m; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Maximum allowed memory (bytes) for a container in Kubernetes clusters","description":"Ex: + 1Gi; for more information, visit https://aka.ms/k8s-policy-pod-limits"},"defaultValue":"0"},"effect-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure container CPU and memory resource limits do not + exceed the specified limits in Kubernetes cluster","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Ensure container CPU and memory + resource limits do not exceed the specified limits in Kubernetes cluster","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods and containers should only run + with approved user and group IDs","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods and + containers should only run with approved user and group IDs","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should not share host process + ID or host IPC namespace","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should not share host process ID or host IPC namespace","description":"List + of Kubernetes namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should run with a read only + root file system","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should run with a read only root file system","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed capabilities","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed capabilities","description":"List of Kubernetes namespaces + to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + List of capabilities that are allowed to be added to a container","description":"Provide + empty list as input to block everything"},"defaultValue":["[]"]},"requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of capabilities that must be dropped by a container"},"defaultValue":["[]"]},"effect-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster containers should only use allowed AppArmor + profiles","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster containers + should only use allowed AppArmor profiles","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e":{"type":"Array","metadata":{"displayName":"[Deprecated]: + The list of AppArmor profiles that containers are allowed to use","description":"Ex: + ''runtime/default;docker/default''; provide empty list as input to block everything"},"defaultValue":["[]"]},"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pods should only use approved host network + and port range","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pods should + only use approved host network and port range","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Boolean","metadata":{"displayName":"[Deprecated]: + Allow host network usage for Kubernetes cluster pods","description":"Set this + value to true if pod is allowed to use host network, otherwise set to false"},"defaultValue":false},"minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Minimum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe":{"type":"Integer","metadata":{"displayName":"[Deprecated]: + Maximum value in the allowable host port range that pods can use in the host + network namespace"},"defaultValue":0},"effect-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes cluster pod hostPath volumes should only use + allowed host paths","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Array","metadata":{"displayName":"[Deprecated]: + Namespaces excluded from evaluation of policy: Kubernetes cluster pod hostPath + volumes should only use allowed host paths","description":"List of Kubernetes + namespaces to exclude from policy evaluation"},"defaultValue":["kube-system","gatekeeper-system","azure-arc"]},"allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75":{"type":"Object","metadata":{"displayName":"[Deprecated]: + Allowed host paths for pod hostPath volumes to use","description":"Provide + an empty paths list to block all host paths"},"defaultValue":{"paths":[]}},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-760a85ff-6162-42b3-8d70-698e268f648c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities should be remediated by a Vulnerability + Assessment solution","description":"For more information about effects, visit + https://aka.ms/policyeffects","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-5f0f936f-2f01-4bf5-b6be-d423792fa562":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Vulnerabilities in Azure Container Registry images should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the API app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest PHP version for App Services","description":"Latest supported PHP version + for App Services"},"defaultValue":"7.3"},"effect-7261b898-8a84-4db8-9e04-18527132abb3":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''PHP version'' is the latest, if used as a + part of the WEB app","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-496223c3-ad65-4ecd-878a-bae78737e9ed":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Java version for App Services","description":"Latest supported Java + version for App Services"},"defaultValue":"11"},"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-88999f4c-376a-45c8-bcb3-4058f713cf39":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Java version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-7008174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Web app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"[Deprecated]: + Latest Python version for Linux for App Services","description":"Latest supported + Python version for App Services"},"defaultValue":"3.8"},"effect-7238174a-fd10-4ef0-817e-fc820a951d73":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the Function app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-74c3584d-afae-46f7-a20a-6f8adba71a16":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Ensure that ''Python version'' is the latest, if used as + a part of the API app","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fb893a29-21bb-418c-a157-e99480ec364c":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable + Kubernetes version","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Compliance status to report for Windows servers where Windows Defender Exploit + Guard is not supported"},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-d38fc420-0735-4ef3-ac11-c806f651a570":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Long-term geo-redundant backup should be enabled for Azure + SQL Databases","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-82339799-d096-41ae-8538-b108becf0970":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MySQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-48af4db5-9b8b-401c-8e74-076be876a430":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for PostgreSQL","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Geo-redundant backup should be enabled for Azure Database + for MariaDB","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-013e242c-8828-4970-87b3-ab247555486d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Azure Backup should be enabled for Virtual Machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have soft delete enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53":{"type":"String","metadata":{"displayName":"[Deprecated]: + Effect for policy: Key vault should have purge protection enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"subnetsShouldBeAssociatedWithANetworkSecurityGroup","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''effect-e71308d3-144b-4262-b144-efdc3cc90517'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"internetFacingVirtualMachinesShouldBeProtectedWithNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"iPForwardingOnYourVirtualMachineShouldBeDisabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''effect-bd352bd5-2853-4985-bf0d-73806b4a5744'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"managementPortsShouldBeClosedOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''effect-22730e10-96f6-4aac-ad84-9383d35b5917'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"managementPortsOfVirtualMachinesShouldBeProtectedWithJustInTimeNetworkAccessControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"allInternetTrafficShouldBeRoutedViaYourDeployedAzureFirewall","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4","Azure_Security_Benchmark_v2.0_NS-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"authorizedIPRangesShouldBeDefinedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"firewallShouldBeEnabledOnKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490","parameters":{"effect":{"value":"[parameters(''effect-55615ac9-af46-4a59-874e-391cc3dfb490'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldHaveFirewallRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb","parameters":{"effect":{"value":"[parameters(''effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1","Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldRestrictNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3","parameters":{"effect":{"value":"[parameters(''effect-037eea7a-bd0a-46c5-9a66-03aea78705d3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForCognitiveServicesAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca","parameters":{"effect":{"value":"[parameters(''effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"1b8ca024-1d5c-4dec-8995-b1a932b41780","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"storageAccountsShouldRestrictNetworkAccessUsingVirtualNetworkRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f","parameters":{"effect":{"value":"[parameters(''effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"containerRegistriesShouldNotAllowUnrestrictedNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71","parameters":{"effect":{"value":"[parameters(''effect-d0793b48-0edc-4296-a390-4c75d1bdfd71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c","parameters":{"effect":{"value":"[parameters(''effect-b52376f7-9612-48a1-81cd-1ffe4b61032c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095","parameters":{"effect":{"value":"[parameters(''effect-d9844e8a-1437-4aeb-a32c-0c992f056095'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"publicNetworkAccessShouldBeDisabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077","parameters":{"effect":{"value":"[parameters(''effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"aPIManagementServicesShouldUseAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b","parameters":{"effect":{"value":"[parameters(''effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-1"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b","parameters":{"effect":{"value":"[parameters(''effect-0564d078-92f5-4f97-8398-b9f58a51f70b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMariadbServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990","parameters":{"effect":{"value":"[parameters(''effect-0a1302fb-a631-4106-9753-f3d494733990'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49","parameters":{"effect":{"value":"[parameters(''effect-7595c971-233d-4bcf-bd18-596129188c49'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"vMImageBuilderTemplatesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa","parameters":{"effect":{"value":"[parameters(''effect-2154edb9-244f-4741-9970-660785bccdaa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab","parameters":{"effect":{"value":"[parameters(''effect-40cec1dd-a100-4920-b15b-3024fe8901ab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridTopicsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f","parameters":{"effect":{"value":"[parameters(''effect-4b90e17e-8448-49db-875e-bd83fb6f804f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureSignalrServiceShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f","parameters":{"effect":{"value":"[parameters(''effect-53503636-bcc9-4748-9663-5348217f160f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"privateEndpointShouldBeConfiguredForKeyVault","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147","parameters":{"effect":{"value":"[parameters(''effect-5f0bc445-3935-4915-9981-011aa2b46147'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"storageAccountShouldUseAPrivateLinkConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9","parameters":{"effect":{"value":"[parameters(''effect-6edd7eda-6dd8-40f7-810d-67160c639cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"7698e800-9299-47a6-b3b6-5a0fee576eed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed","parameters":{},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureEventGridDomainsShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca","parameters":{"effect":{"value":"[parameters(''effect-9830b652-8523-49cc-b1b3-e17dce1127ca'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"appConfigurationShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7","parameters":{"effect":{"value":"[parameters(''effect-ca610c1d-041c-4332-9d88-7ed3094967c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"containerRegistriesShouldUsePrivateLink","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4","parameters":{"effect":{"value":"[parameters(''effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2","Azure_Security_Benchmark_v2.0_NS-3"]},{"policyDefinitionReferenceId":"azureCacheForRedisShouldResideWithinAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4","parameters":{"effect":{"value":"[parameters(''effect-7d092e0a-7acd-40d2-a975-dca21cae48c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureSpringCloudShouldUseNetworkInjection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4","parameters":{"effect":{"value":"[parameters(''effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"},"evaluatedSkuNames":{"value":"[parameters(''evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-2"]},{"policyDefinitionReferenceId":"azureDdosProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"sSHAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab","parameters":{"effect":{"value":"[parameters(''effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"rDPAccessFromTheInternetShouldBeBlocked","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6","parameters":{"effect":{"value":"[parameters(''effect-e372f825-a257-4fb8-9175-797a8a8627d6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForAzureFrontDoorServiceService","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"webApplicationFirewallWAFShouldBeEnabledForApplicationGateway","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_NS-4"]},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''effect-2b9ad585-36bc-4615-b300-fd4435808332'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"managedIdentityShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-1","Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"servicePrincipalsShouldBeUsedToProtectYourSubscriptionsInsteadOfManagementCertificates","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6646a0bd-e110-40ca-bb97-84fcee63c414","parameters":{"effect":{"value":"[parameters(''effect-6646a0bd-e110-40ca-bb97-84fcee63c414'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-2"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"mFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IM-4"]},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1"]},{"policyDefinitionReferenceId":"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-1","Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"deprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"externalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-3"]},{"policyDefinitionReferenceId":"roleBasedAccessControlRBACShouldBeUsedOnKubernetesServices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"customSubscriptionOwnerRolesShouldNotExist","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{"effect":{"value":"[parameters(''effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PA-7"]},{"policyDefinitionReferenceId":"sensitiveDataInYourSQLDatabasesShouldBeClassified","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''effect-cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-1"]},{"policyDefinitionReferenceId":"storageAccountPublicAccessShouldBeDisallowed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"azureDefenderForStorageShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa","parameters":{"effect":{"value":"[parameters(''effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForSQLServersOnMachinesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b","parameters":{"effect":{"value":"[parameters(''effect-6581d072-105e-4418-827f-bd446d56421b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAzureSQLDatabaseServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2","parameters":{"effect":{"value":"[parameters(''effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-3","Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSQLDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2","Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2bdd0062-9d75-436e-89df-487dd8e4b3c7","parameters":{"effect":{"value":"[parameters(''effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-2"]},{"policyDefinitionReferenceId":"secureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"latestTLSVersionShouldBeUsedInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"functionAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"webApplicationShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"aPIAppShouldOnlyBeAccessibleOverHTTPS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForMysqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{"effect":{"value":"[parameters(''effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceSSLConnectionShouldBeEnabledForPostgresqlDatabaseServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{"effect":{"value":"[parameters(''effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"onlySecureConnectionsToYourAzureCacheForRedisShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''effect-399b2637-a50f-4f95-96f8-3a145476eb15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSShouldBeRequiredInYourWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"fTPSOnlyShouldBeRequiredInYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"enforceHTTPSIngressInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","parameters":{"effect":{"value":"[parameters(''effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-4"]},{"policyDefinitionReferenceId":"sQLServersShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"sQLManagedInstancesShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''effect-048248b0-55cd-46da-b1ff-39efd52db260'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"automationAccountVariablesShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''effect-3657f5a0-770e-44a3-b44e-9431ba1e9735'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"serviceFabricClustersShouldHaveTheClusterprotectionlevelPropertySetToEncryptandsign","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''effect-617c02be-7f02-4efd-8836-3180d47b6c68'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldUseCustomerOwnedStorageOrEnableDataEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4","parameters":{"effect":{"value":"[parameters(''effect-11566b39-f7f7-4b82-ab06-68d8700eb0a4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureCosmosDBAccountsShouldUseCustomerManagedKeysToEncryptDataAtRest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f","parameters":{"effect":{"value":"[parameters(''effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"containerRegistriesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580","parameters":{"effect":{"value":"[parameters(''effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"cognitiveServicesAccountsShouldEnableDataEncryptionWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d","parameters":{"effect":{"value":"[parameters(''effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"storageAccountsShouldUseCustomerManagedKeyCMKForEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25","parameters":{"effect":{"value":"[parameters(''effect-6fac406b-40ca-413b-bf8e-0bf964659c25'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"azureMachineLearningWorkspacesShouldBeEncryptedWithACustomerManagedKeyCMK","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8","parameters":{"effect":{"value":"[parameters(''effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForPostgresqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274","parameters":{"effect":{"value":"[parameters(''effect-18adea5e-f416-4d0f-8aa8-d24321e3e274'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"bringYourOwnKeyDataProtectionShouldBeEnabledForMysqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833","parameters":{"effect":{"value":"[parameters(''effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_DP-5"]},{"policyDefinitionReferenceId":"virtualMachinesShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"storageAccountsShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-3"]},{"policyDefinitionReferenceId":"adaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_AM-6"]},{"policyDefinitionReferenceId":"azureDefenderForKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047","parameters":{"effect":{"value":"[parameters(''effect-0e6763cc-5078-4e64-889d-ff4d9a839047'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForAppServiceShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb","parameters":{"effect":{"value":"[parameters(''effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForServersShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d","parameters":{"effect":{"value":"[parameters(''effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5","Azure_Security_Benchmark_v2.0_ES-1"]},{"policyDefinitionReferenceId":"azureDefenderForKubernetesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a","parameters":{"effect":{"value":"[parameters(''effect-523b5cd1-3e23-492f-a539-13118b6d1e3a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"azureDefenderForContainerRegistriesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4","parameters":{"effect":{"value":"[parameters(''effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-1","Azure_Security_Benchmark_v2.0_LT-2","Azure_Security_Benchmark_v2.0_IR-3","Azure_Security_Benchmark_v2.0_IR-5"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''effect-04c4380f-3fae-46e8-96c9-30193528f602'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"networkWatcherShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"},"resourceGroupName":{"value":"[parameters(''resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-3"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureDataLakeStoreShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''effect-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInLogicAppsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''effect-34f95f76-5386-4de7-b824-0d8478470c9d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInIotHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInBatchAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''effect-428256e6-1fac-4f48-a757-df34c2b3336d'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInVirtualMachineScaleSetsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''effect-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"},"includeAKSClusters":{"value":"[parameters(''includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInEventHubShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''effect-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInSearchServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-b4330a05-a843-4bc8-bf9a-cacce50c67f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAppServicesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInDataLakeAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInKeyVaultShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''effect-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInServiceBusShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"diagnosticLogsInAzureStreamAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"},"requiredRetentionDays":{"value":"[parameters(''requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"auditingOnSQLServerShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"},"setting":{"value":"[parameters(''setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-4"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499","parameters":{"effect":{"value":"[parameters(''effect-a4fe33eb-e377-4efb-ab31-0784311bc499'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourVirtualMachineScaleSetsForAzureSecurityCenterMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b","parameters":{"effect":{"value":"[parameters(''effect-a3a6ea0c-e018-4933-9ef0-5aaa1501449b'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{"effect":{"value":"[parameters(''effect-475aae12-b88a-4572-8b36-9b712b2b3a17'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentHealthIssuesShouldBeResolvedOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d62cfe2b-3ab0-4d41-980d-76803b58ca65","parameters":{"effect":{"value":"[parameters(''effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourLinuxAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373","parameters":{"effect":{"value":"[parameters(''effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"logAnalyticsAgentShouldBeInstalledOnYourWindowsAzureArcMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e","parameters":{"effect":{"value":"[parameters(''effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_LT-5"]},{"policyDefinitionReferenceId":"subscriptionsShouldHaveAContactEmailAddressForSecurityIssues","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{"effect":{"value":"[parameters(''effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{"effect":{"value":"[parameters(''effect-6e2593d9-add6-4083-9c9b-4b7d2188c899'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"emailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{"effect":{"value":"[parameters(''effect-0b15565f-aa9e-48ba-8619-45960f2c314d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_IR-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"cORSShouldNotAllowEveryResourceToAccessYourAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplications","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForAPIApps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureAPIAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{"effect":{"value":"[parameters(''effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"functionAppsShouldHaveClientCertificatesIncomingClientCertificatesEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{"effect":{"value":"[parameters(''effect-eaebaea7-8013-4ceb-9d14-7eb32271373c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureWEBAppHasClientCertificatesIncomingClientCertificatesSetToOn","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{"effect":{"value":"[parameters(''effect-5bb220d9-2698-4ee4-8404-b9c30c9df609'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"azurePolicyAddOnForKubernetesServiceAKSShouldBeInstalledAndEnabledOnYourClusters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d","parameters":{"effect":{"value":"[parameters(''effect-0a15ec92-a229-4763-bb14-0ea34a568f8d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureOnlyAllowedContainerImagesInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","parameters":{"allowedContainerImagesRegex":{"value":"[parameters(''allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"effect":{"value":"[parameters(''effect-febd0533-8e55-448f-b837-bd0e06f16469'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-febd0533-8e55-448f-b837-bd0e06f16469'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"doNotAllowPrivilegedContainersInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","parameters":{"effect":{"value":"[parameters(''effect-95edb821-ddaf-4404-9732-666045e056b4'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-95edb821-ddaf-4404-9732-666045e056b4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainersListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","parameters":{"allowedContainerPortsList":{"value":"[parameters(''allowedContainerPortsList-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"effect":{"value":"[parameters(''effect-440b515e-a580-421e-abeb-b159a61ddcbc'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-440b515e-a580-421e-abeb-b159a61ddcbc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureServicesListenOnlyOnAllowedPortsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","parameters":{"allowedServicePortsList":{"value":"[parameters(''allowedServicePortsList-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"effect":{"value":"[parameters(''effect-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-233a2a17-77ca-4fb1-9b6b-69223d272a44'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClustersShouldNotAllowContainerPrivilegeEscalation","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99","parameters":{"effect":{"value":"[parameters(''effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"ensureContainerCPUAndMemoryResourceLimitsDoNotExceedTheSpecifiedLimitsInKubernetesCluster","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","parameters":{"cpuLimit":{"value":"[parameters(''cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"memoryLimit":{"value":"[parameters(''memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"effect":{"value":"[parameters(''effect-e345eecc-fa47-480f-9e88-67dcc122b164'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-e345eecc-fa47-480f-9e88-67dcc122b164'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsAndContainersShouldOnlyRunWithApprovedUserAndGroupIds","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042","parameters":{"effect":{"value":"[parameters(''effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-f06ddb64-5fa3-4b77-b166-acb36f7f6042'')]"},"runAsUserRule":{"value":"MustRunAsNonRoot"},"runAsUserRanges":{"value":{"ranges":[]}},"runAsGroupRule":{"value":"MayRunAs"},"runAsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"supplementalGroupsRule":{"value":"MayRunAs"},"supplementalGroupsRanges":{"value":{"ranges":[{"min":1,"max":65535}]}},"fsGroupRule":{"value":"MayRunAs"},"fsGroupRanges":{"value":{"ranges":[{"min":1,"max":65535}]}}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldNotShareHostProcessIDOrHostIPCNamespace","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8","parameters":{"effect":{"value":"[parameters(''effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldRunWithAReadOnlyRootFileSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80","parameters":{"effect":{"value":"[parameters(''effect-df49d893-a74c-421d-bc95-c663042e5b80'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedCapabilities","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c","parameters":{"effect":{"value":"[parameters(''effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"allowedCapabilities":{"value":"[parameters(''allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"},"requiredDropCapabilities":{"value":"[parameters(''requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterContainersShouldOnlyUseAllowedApparmorProfiles","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e","parameters":{"effect":{"value":"[parameters(''effect-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-511f5417-5d12-434d-ab2e-816901e72a5e'')]"},"allowedProfiles":{"value":"[parameters(''allowedProfiles-511f5417-5d12-434d-ab2e-816901e72a5e'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodsShouldOnlyUseApprovedHostNetworkAndPortRange","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe","parameters":{"effect":{"value":"[parameters(''effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"allowHostNetwork":{"value":"[parameters(''allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"minPort":{"value":"[parameters(''minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"},"maxPort":{"value":"[parameters(''maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"kubernetesClusterPodHostpathVolumesShouldOnlyUseAllowedHostPaths","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75","parameters":{"effect":{"value":"[parameters(''effect-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"excludedNamespaces":{"value":"[parameters(''excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75'')]"},"allowedHostPaths":{"value":"[parameters(''allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-2"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInContainerSecurityConfigurationsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-4"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnYourSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstance","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSQLDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"vulnerabilitiesInAzureContainerRegistryImagesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562","parameters":{"effect":{"value":"[parameters(''effect-5f0f936f-2f01-4bf5-b6be-d423792fa562'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-6"]},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"systemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{"effect":{"value":"[parameters(''effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPHPVersionIsTheLatestIfUsedAsAPartOfTheWEBApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{"effect":{"value":"[parameters(''effect-7261b898-8a84-4db8-9e04-18527132abb3'')]"},"PHPLatestVersion":{"value":"[parameters(''PHPLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{"effect":{"value":"[parameters(''effect-496223c3-ad65-4ecd-878a-bae78737e9ed'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{"effect":{"value":"[parameters(''effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatJavaVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{"effect":{"value":"[parameters(''effect-88999f4c-376a-45c8-bcb3-4058f713cf39'')]"},"JavaLatestVersion":{"value":"[parameters(''JavaLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheWebApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7008174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{"effect":{"value":"[parameters(''effect-7238174a-fd10-4ef0-817e-fc820a951d73'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"ensureThatPythonVersionIsTheLatestIfUsedAsAPartOfTheAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{"effect":{"value":"[parameters(''effect-74c3584d-afae-46f7-a20a-6f8adba71a16'')]"},"LinuxPythonLatestVersion":{"value":"[parameters(''LinuxPythonLatestVersion'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"kubernetesServicesShouldBeUpgradedToANonVulnerableKubernetesVersion","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''effect-fb893a29-21bb-418c-a157-e99480ec364c'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_PV-7"]},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2","Azure_Security_Benchmark_v2.0_ES-3"]},{"policyDefinitionReferenceId":"auditWindowsMachinesOnWhichWindowsDefenderExploitGuardIsNotEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_ES-2"]},{"policyDefinitionReferenceId":"longTermGeoRedundantBackupShouldBeEnabledForAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''effect-d38fc420-0735-4ef3-ac11-c806f651a570'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMysql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''effect-82339799-d096-41ae-8538-b108becf0970'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgresql","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''effect-48af4db5-9b8b-401c-8e74-076be876a430'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariadb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''effect-0ec47710-77ff-4a3d-9181-6aa50af424d0'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"azureBackupShouldBeEnabledForVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d","parameters":{"effect":{"value":"[parameters(''effect-013e242c-8828-4970-87b3-ab247555486d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-1","Azure_Security_Benchmark_v2.0_BR-2"]},{"policyDefinitionReferenceId":"keyVaultsShouldHaveSoftDeleteEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d","parameters":{"effect":{"value":"[parameters(''effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]},{"policyDefinitionReferenceId":"keyVaultsShouldHavePurgeProtectionEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{"effect":{"value":"[parameters(''effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'')]"}},"groupNames":["Azure_Security_Benchmark_v2.0_BR-4"]}],"policyDefinitionGroups":[{"name":"Azure_Security_Benchmark_v2.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-1"},{"name":"Azure_Security_Benchmark_v2.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-2"},{"name":"Azure_Security_Benchmark_v2.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-3"},{"name":"Azure_Security_Benchmark_v2.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-4"},{"name":"Azure_Security_Benchmark_v2.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-5"},{"name":"Azure_Security_Benchmark_v2.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-6"},{"name":"Azure_Security_Benchmark_v2.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_NS-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-1"},{"name":"Azure_Security_Benchmark_v2.0_IM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-2"},{"name":"Azure_Security_Benchmark_v2.0_IM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-3"},{"name":"Azure_Security_Benchmark_v2.0_IM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-4"},{"name":"Azure_Security_Benchmark_v2.0_IM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-5"},{"name":"Azure_Security_Benchmark_v2.0_IM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-6"},{"name":"Azure_Security_Benchmark_v2.0_IM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-7"},{"name":"Azure_Security_Benchmark_v2.0_IM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IM-8"},{"name":"Azure_Security_Benchmark_v2.0_PA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-1"},{"name":"Azure_Security_Benchmark_v2.0_PA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-2"},{"name":"Azure_Security_Benchmark_v2.0_PA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-3"},{"name":"Azure_Security_Benchmark_v2.0_PA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-4"},{"name":"Azure_Security_Benchmark_v2.0_PA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-5"},{"name":"Azure_Security_Benchmark_v2.0_PA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-6"},{"name":"Azure_Security_Benchmark_v2.0_PA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-7"},{"name":"Azure_Security_Benchmark_v2.0_PA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PA-8"},{"name":"Azure_Security_Benchmark_v2.0_DP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-1"},{"name":"Azure_Security_Benchmark_v2.0_DP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-2"},{"name":"Azure_Security_Benchmark_v2.0_DP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-3"},{"name":"Azure_Security_Benchmark_v2.0_DP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-4"},{"name":"Azure_Security_Benchmark_v2.0_DP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_DP-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-1"},{"name":"Azure_Security_Benchmark_v2.0_AM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-2"},{"name":"Azure_Security_Benchmark_v2.0_AM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-3"},{"name":"Azure_Security_Benchmark_v2.0_AM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-4"},{"name":"Azure_Security_Benchmark_v2.0_AM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-5"},{"name":"Azure_Security_Benchmark_v2.0_AM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_AM-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-1"},{"name":"Azure_Security_Benchmark_v2.0_LT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-2"},{"name":"Azure_Security_Benchmark_v2.0_LT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-3"},{"name":"Azure_Security_Benchmark_v2.0_LT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-4"},{"name":"Azure_Security_Benchmark_v2.0_LT-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-5"},{"name":"Azure_Security_Benchmark_v2.0_LT-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-6"},{"name":"Azure_Security_Benchmark_v2.0_LT-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_LT-7"},{"name":"Azure_Security_Benchmark_v2.0_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-1"},{"name":"Azure_Security_Benchmark_v2.0_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-2"},{"name":"Azure_Security_Benchmark_v2.0_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-3"},{"name":"Azure_Security_Benchmark_v2.0_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-4"},{"name":"Azure_Security_Benchmark_v2.0_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-5"},{"name":"Azure_Security_Benchmark_v2.0_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_IR-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-1"},{"name":"Azure_Security_Benchmark_v2.0_PV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-2"},{"name":"Azure_Security_Benchmark_v2.0_PV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-3"},{"name":"Azure_Security_Benchmark_v2.0_PV-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-4"},{"name":"Azure_Security_Benchmark_v2.0_PV-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-5"},{"name":"Azure_Security_Benchmark_v2.0_PV-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-6"},{"name":"Azure_Security_Benchmark_v2.0_PV-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-7"},{"name":"Azure_Security_Benchmark_v2.0_PV-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_PV-8"},{"name":"Azure_Security_Benchmark_v2.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-1"},{"name":"Azure_Security_Benchmark_v2.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-2"},{"name":"Azure_Security_Benchmark_v2.0_ES-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_ES-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-1"},{"name":"Azure_Security_Benchmark_v2.0_BR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-2"},{"name":"Azure_Security_Benchmark_v2.0_BR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-3"},{"name":"Azure_Security_Benchmark_v2.0_BR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_BR-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-1"},{"name":"Azure_Security_Benchmark_v2.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-2"},{"name":"Azure_Security_Benchmark_v2.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-3"},{"name":"Azure_Security_Benchmark_v2.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-4"},{"name":"Azure_Security_Benchmark_v2.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-5"},{"name":"Azure_Security_Benchmark_v2.0_GS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-6"},{"name":"Azure_Security_Benchmark_v2.0_GS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-7"},{"name":"Azure_Security_Benchmark_v2.0_GS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v2.0_GS-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b","type":"Microsoft.Authorization/policySetDefinitions","name":"bb522ac1-bc39-4957-b194-429bcd3bcb0b"},{"properties":{"displayName":"[Preview]: Windows machines should meet requirements for the Azure security baseline","policyType":"BuiltIn","description":"This initiative audits Windows machines with settings that do not meet the Azure security baseline. For details, please visit https://aka.ms/gcpol","metadata":{"version":"2.0.0-preview","category":"Guest @@ -8753,20 +14281,257 @@ interactions: SP 800-53 R4","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming - releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + releases. For more information, visit https://aka.ms/nist80053-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."},"allowedValues":["true","false"],"defaultValue":"false"},"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List - of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"FedRAMP + of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId":"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyDefinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefinitionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefinitionReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"policyDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefinitionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1675","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"policyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"ACF1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"name":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"},{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]: + New Zealand ISM Restricted","policyType":"BuiltIn","description":"This initiative + includes policies that address a subset of New Zealand Information Security + Manual controls. Additional policies will be added in upcoming releases. For + more information, visit https://aka.ms/nzism-initiative.","metadata":{"version":"2.0.0-preview","category":"Regulatory + Compliance","preview":true},"parameters":{"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Azure + Front Door Service","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability Assessment settings for SQL server should + contain an email address to receive scan reports","description":"For more + information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive network hardening recommendations should be applied + on internet facing virtual machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: There should be more than one owner assigned to your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0961003e-5a0a-4549-abde-af6a37f2724d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Disk encryption should be applied on virtual machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Function Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Application Gateway","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Application Gateway","description":"The Prevention + or Detection mode must be enabled on the Application Gateway service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-17k78e20-9358-41c9-923c-fb736d382a12":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Transparent Data Encryption on SQL databases should be + enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: An Azure Active Directory administrator should be provisioned + for SQL servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Only secure connections to your Azure Cache for Redis should + be enabled","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-26a828e1-e88f-464e-bbb3-c134a282b9de":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Endpoint protection solution should be installed on virtual + machine scale sets","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + missing any of specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be included in Windows VM Administrators group","description":"A + semicolon-separated list of users that should be included in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Storage accounts should restrict network access","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your virtual + machine scale sets should be remediated","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have extra accounts in the Administrators group","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that Windows VM Administrators group must only include","description":"A + semicolon-separated list of all the expected members of the Administrators + local group; Ex: Administrator; myUser1; myUser2"},"defaultValue":"Administrator"},"effect-404c3081-a854-4457-ae30-26a93ef643f9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Secure transfer to storage accounts should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should use the specified + mode for Azure Front Door Service","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8":{"type":"String","metadata":{"displayName":"[Preview]: + WAF mode requirement for Azure Front Door Service","description":"The Prevention + or Detection mode must be enabled on the Azure Front Door service"},"allowedValues":["Prevention","Detection"],"defaultValue":"Detection"},"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Adaptive application controls for defining safe applications + should be enabled on your machines","description":"For more information about + effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A maximum of 3 owners should be designated for your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: Storage account public access should be disallowed","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"},"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: A vulnerability assessment solution should be enabled on + your virtual machines","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application Firewall (WAF) should be enabled for Application + Gateway","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: CORS should not allow every resource to access your Web + Applications","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows web servers + that are not using secure communication protocols","description":"By selecting + ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum TLS version for Windows web servers","description":"Windows web servers + with lower TLS versions will be assessed as non-compliant"},"allowedValues":["1.1","1.2"],"defaultValue":"1.2"},"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Windows OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138":{"type":"Array","metadata":{"displayName":"[Preview]: + Optional: List of custom VM images that have supported Linux OS to add to + scope additional to the images in the gallery","description":"For more information + on Guest Configuration, visit https://aka.ms/gcpol"},"defaultValue":[]},"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with write permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + that have the specified members in the Administrators group","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f":{"type":"String","metadata":{"displayName":"[Preview]: + List of users that must be excluded from Windows VM Administrators group","description":"A + semicolon-separated list of users that should be excluded in the Administrators + local group; Ex: Administrator; myUser1; myUser2"}},"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts should be removed from your subscription","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Function App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-7796937f-307b-4598-941c-67d3a05ebfe7":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure subscriptions should have a log profile for Activity + Log","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9":{"type":"Array","metadata":{"displayName":"[Preview]: + List of resource types that should have resource logs enabled","strongType":"resourceTypes"},"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"effect-86b3d65f-7626-441e-b690-81a8b71cff60":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates should be installed on your machines","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your API App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9297c21d-2ed6-4474-b48f-163f75654ce3":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled accounts with write permissions on + your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-9b597639-28e4-48eb-b506-56b05d366257":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Microsoft IaaSAntimalware extension should be deployed + on Windows servers","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-a4af4a39-4135-47fb-b175-47fbdf85311d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Web Application should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Azure DDoS Protection Standard should be enabled","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with owner permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on your SQL servers","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Advanced data security should be enabled on SQL Managed + Instance","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Monitor missing Endpoint Protection in Azure Security Center","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b02aacc0-b073-424e-8298-42b22829ee0a":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Activity log should be retained for at least one year","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Management ports of virtual machines should be protected + with just-in-time network access control","description":"For more information + about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Service Fabric clusters should only use Azure Active Directory + for client authentication","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: API App should only be accessible over HTTPS","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Windows machines + on which Windows Defender Exploit Guard is not enabled","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Compliance state to report for Windows machines on which Windows Defender + Exploit Guard is not available","description":"Windows Defender Exploit Guard + is only available starting with Windows 10/Windows Server with update 1709. + Setting this value to ''Non-Compliant'' shows machines with older versions + on which Windows Defender Exploit Guard is not available (such as Windows + Server 2012 R2) as non-compliant. Setting this value to ''Compliant'' shows + these machines as compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"},"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Windows machines on which Windows Defender Exploit + Guard is not enabled","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: System updates on virtual machine scale sets should be + installed","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for Web Applications","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in security configuration on your machines + should be remediated","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e3576e28-8b17-4677-84c3-db2990658d64":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: MFA should be enabled on accounts with read permissions + on your subscription","description":"For more information about effects, visit + https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"listOfAllowedLocations-e56962a6-4747-49cd-b67b-bf8b01975c4c":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resources (deployments to other locations will be denied)","description":"Locations + for NZISM Restricted are New Zealand North, Australia East, Australia Southeast, + Australia Central and Australia Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"listOfAllowedLocations-e765b5de-1225-4ba3-bd56-1ac6695af988":{"type":"Array","metadata":{"displayName":"[Preview]: + Allowed locations for resource groups (deployments to other locations will + be denied)","description":"Locations for NZISM Restricted are New Zealand + North, Australia East, Australia Southeast, Australia Central and Australia + Central 2.","strongType":"location","deprecated":true},"allowedValues":["australiaeast","australiasoutheast","australiacentral","australiacentral2"],"defaultValue":[]},"effect-e8cbc669-f12d-49eb-93e7-9273119e9933":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities in container security configurations should + be remediated","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Remote debugging should be turned off for API Apps","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that allow remote connections from accounts without passwords","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that allow remote connections from + accounts without passwords","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Deprecated accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerability assessment should be enabled on your SQL + servers","description":"For more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Web App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Windows machines should + meet requirements for ''Security Settings - Account Policies''","description":"By + selecting ''true,'' you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Enforce password history for Windows VM local accounts","description":"Specifies + limits on password reuse - how many times a new password must be created for + a user account before the password can be repeated"},"defaultValue":"24"},"MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Maximum password age for Windows VM local accounts","description":"Specifies + the maximum number of days that may elapse before a user account password + must be changed; the format of the value is two integers separated by a comma, + denoting an inclusive range"},"defaultValue":"1,70"},"MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password age for Windows VM local accounts","description":"Specifies + the minimum number of days that must elapse before a user account password + can be changed"},"defaultValue":"1"},"MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Minimum password length for Windows VM local accounts","description":"Specifies + the minimum number of characters that a user account password may contain"},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Password must meet complexity requirements for Windows VM local accounts","description":"Specifies + whether a user account password must be complex; if required, a complex password + must not contain part of the user''s account name or full name; be at least + 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic + characters"},"defaultValue":"1"},"effect-f2143251-70de-4e81-87a8-36cee5a2f29d":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Windows machines should meet requirements for ''Security + Settings - Account Policies''","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917":{"type":"String","metadata":{"displayName":"[Preview]: + Log Analytics workspace ID for VM agent reporting","description":"ID (GUID) + of the Log Analytics workspace where VMs agents should report"}},"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Internet-facing virtual machines should be protected with + network security groups","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Include Arc-connected servers when evaluating policy: Audit Linux machines + that have accounts without passwords","description":"By selecting ''true,'' + you agree to be charged monthly per Arc connected machine"},"allowedValues":["true","false"],"defaultValue":"false"},"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Audit Linux machines that have accounts without passwords","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: External accounts with owner permissions should be removed + from your subscription","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-f9d614c5-c173-4d56-95a7-b4437057d193":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Latest TLS version should be used in your Function App","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-fc5e4038-4584-4632-8c85-c0448d374b2c":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: [Preview]: All Internet traffic should be routed via your + deployed Azure Firewall","description":"For more information about effects, + visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc":{"type":"String","metadata":{"displayName":"[Preview]: + Effect for policy: Vulnerabilities on your SQL databases should be remediated","description":"For + more information about effects, visit https://aka.ms/policyeffects"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"055aa869-bc98-4af8-bafc-23f1ab6ffe2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c","parameters":{"effect":{"value":"[parameters(''effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","parameters":{"effect":{"value":"[parameters(''effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"09024ccc-0c5f-475e-9457-b7c0d9ed487b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"0961003e-5a0a-4549-abde-af6a37f2724d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''effect-0961003e-5a0a-4549-abde-af6a37f2724d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-2","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"0e60b895-3786-45da-8377-9c6b4b6ac5f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"12430be1-6cc8-4527-a9a8-e3d38f250096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096","parameters":{"effect":{"value":"[parameters(''effect-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"17k78e20-9358-41c9-923c-fb736d382a12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''effect-17k78e20-9358-41c9-923c-fb736d382a12'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"1c210e94-a481-4beb-95fa-1571b434fb04","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-4","NZISM_Security_Benchmark_v1.0_AC-5","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"1f314764-cb73-4fc9-b863-8eca98ac36e9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''effect-1f314764-cb73-4fc9-b863-8eca98ac36e9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"22bee202-a82f-4305-9a2a-6d7f44d4dedb","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"26a828e1-e88f-464e-bbb3-c134a282b9de","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''effect-26a828e1-e88f-464e-bbb3-c134a282b9de'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"},"MembersToInclude":{"value":"[parameters(''MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"32133ab0-ee4b-4b44-98d6-042180979d50","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"331e8ea8-378a-410f-a2e5-ae22f38bb0da","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"34c877ad-507e-4c82-993e-3452a6e0ad3c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''effect-34c877ad-507e-4c82-993e-3452a6e0ad3c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"385f5831-96d4-41db-9a3c-cd3af78aaae6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9","NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"3be22e3b-d919-47aa-805e-8985dbeb0ad9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"},"Members":{"value":"[parameters(''Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"404c3081-a854-4457-ae30-26a93ef643f9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''effect-404c3081-a854-4457-ae30-26a93ef643f9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"425bea59-a659-4cbb-8d31-34499bd030b8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8","parameters":{"effect":{"value":"[parameters(''effect-425bea59-a659-4cbb-8d31-34499bd030b8'')]"},"modeRequirement":{"value":"[parameters(''modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"47a6b606-51aa-4496-8bb7-64b11cf66adc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''effect-47a6b606-51aa-4496-8bb7-64b11cf66adc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-4"]},{"policyDefinitionReferenceId":"4f11b553-d42e-4e3a-89be-32ca364cad4c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''effect-4f11b553-d42e-4e3a-89be-32ca364cad4c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751","parameters":{"effect":{"value":"[parameters(''effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"501541f7-f7e7-4cd6-868c-4190fdad3ac9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66","parameters":{"effect":{"value":"[parameters(''effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"5752e6d6-1206-46d8-8ab1-ecc2f71a8112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"5c607a2e-c700-4744-8254-d77e7c9eb5e4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"},"MembersToExclude":{"value":"[parameters(''MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2","NZISM_Security_Benchmark_v1.0_AC-9"]},{"policyDefinitionReferenceId":"6b1cbf55-e8b6-442f-ba4c-7246b6381474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"7796937f-307b-4598-941c-67d3a05ebfe7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{"effect":{"value":"[parameters(''effect-7796937f-307b-4598-941c-67d3a05ebfe7'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-13"]},{"policyDefinitionReferenceId":"7f89b1eb-583c-429a-8828-af049802c1d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14","NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"86b3d65f-7626-441e-b690-81a8b71cff60","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''effect-86b3d65f-7626-441e-b690-81a8b71cff60'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"9297c21d-2ed6-4474-b48f-163f75654ce3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''effect-9297c21d-2ed6-4474-b48f-163f75654ce3'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"9b597639-28e4-48eb-b506-56b05d366257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","parameters":{"effect":{"value":"[parameters(''effect-9b597639-28e4-48eb-b506-56b05d366257'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2"]},{"policyDefinitionReferenceId":"a4af4a39-4135-47fb-b175-47fbdf85311d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''effect-a4af4a39-4135-47fb-b175-47fbdf85311d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"a7aca53f-2ed4-4466-a25e-0b45ade68efd","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-5"]},{"policyDefinitionReferenceId":"aa633080-8b72-40c4-a2d7-d00c03e80bed","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''effect-aa633080-8b72-40c4-a2d7-d00c03e80bed'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-6"]},{"policyDefinitionReferenceId":"af6cd1bd-1635-48cb-bde7-5b15693900b9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''effect-af6cd1bd-1635-48cb-bde7-5b15693900b9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-2","NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"b02aacc0-b073-424e-8298-42b22829ee0a","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{"effect":{"value":"[parameters(''effect-b02aacc0-b073-424e-8298-42b22829ee0a'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-15"]},{"policyDefinitionReferenceId":"b0f33259-77d7-4c9e-aac6-3aabcfae693c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"b7ddfbdc-1260-477d-91fd-98bd9be789a6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_SS-8"]},{"policyDefinitionReferenceId":"bed48b13-6647-468e-aa2f-1af1d3f4dd40","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"},"effect":{"value":"[parameters(''effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_DM-4"]},{"policyDefinitionReferenceId":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e3576e28-8b17-4677-84c3-db2990658d64","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''effect-e3576e28-8b17-4677-84c3-db2990658d64'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-3","NZISM_Security_Benchmark_v1.0_AC-17"]},{"policyDefinitionReferenceId":"e8cbc669-f12d-49eb-93e7-9273119e9933","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''effect-e8cbc669-f12d-49eb-93e7-9273119e9933'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-7"]},{"policyDefinitionReferenceId":"ea53dbee-c6c9-4f0e-9f9e-de0039b78023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"},"effect":{"value":"[parameters(''effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3","NZISM_Security_Benchmark_v1.0_PRS-5","NZISM_Security_Benchmark_v1.0_AC-5"]},{"policyDefinitionReferenceId":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"f2143251-70de-4e81-87a8-36cee5a2f29d","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"EnforcePasswordHistory":{"value":"[parameters(''EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"},"effect":{"value":"[parameters(''effect-f2143251-70de-4e81-87a8-36cee5a2f29d'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-4"]},{"policyDefinitionReferenceId":"f47b5582-33ec-4c5c-87c0-b010a6b2e917","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-14"]},{"policyDefinitionReferenceId":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-2"]},{"policyDefinitionReferenceId":"f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"},"effect":{"value":"[parameters(''effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_AC-2"]},{"policyDefinitionReferenceId":"f8456c1c-aa66-4dfb-861a-25d127b775c9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''effect-f8456c1c-aa66-4dfb-861a-25d127b775c9'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_PRS-5"]},{"policyDefinitionReferenceId":"f9d614c5-c173-4d56-95a7-b4437057d193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''effect-f9d614c5-c173-4d56-95a7-b4437057d193'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_CR-6"]},{"policyDefinitionReferenceId":"fc5e4038-4584-4632-8c85-c0448d374b2c","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c","parameters":{"effect":{"value":"[parameters(''effect-fc5e4038-4584-4632-8c85-c0448d374b2c'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_NS-7"]},{"policyDefinitionReferenceId":"feedbf84-6b99-488c-acc2-71c829aa5ffc","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''effect-feedbf84-6b99-488c-acc2-71c829aa5ffc'')]"}},"groupNames":["NZISM_Security_Benchmark_v1.0_ISM-3"]},{"policyDefinitionReferenceId":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NZISM_Security_Benchmark_v1.0_ESS-3"]}],"policyDefinitionGroups":[{"name":"NZISM_Security_Benchmark_v1.0_AIS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-1"},{"name":"NZISM_Security_Benchmark_v1.0_AIS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISGV-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISG-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-5"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-1"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-2"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-3"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-4"},{"name":"NZISM_Security_Benchmark_v1.0_SCA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-6"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-7"},{"name":"NZISM_Security_Benchmark_v1.0_ISD-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-8"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-3"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-4"},{"name":"NZISM_Security_Benchmark_v1.0_ISM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-5"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-1"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-2"},{"name":"NZISM_Security_Benchmark_v1.0_ISI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PSS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-1"},{"name":"NZISM_Security_Benchmark_v1.0_INF-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-2"},{"name":"NZISM_Security_Benchmark_v1.0_INF-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-3"},{"name":"NZISM_Security_Benchmark_v1.0_INF-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-4"},{"name":"NZISM_Security_Benchmark_v1.0_INF-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-5"},{"name":"NZISM_Security_Benchmark_v1.0_INF-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-6"},{"name":"NZISM_Security_Benchmark_v1.0_INF-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-7"},{"name":"NZISM_Security_Benchmark_v1.0_INF-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-8"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-1"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-2"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-3"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-4"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-5"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-6"},{"name":"NZISM_Security_Benchmark_v1.0_CSD-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-1"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-2"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-3"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-4"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-5"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-6"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-7"},{"name":"NZISM_Security_Benchmark_v1.0_PRS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-8"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-1"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-2"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-3"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-4"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-5"},{"name":"NZISM_Security_Benchmark_v1.0_MDD-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-1"},{"name":"NZISM_Security_Benchmark_v1.0_SS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-2"},{"name":"NZISM_Security_Benchmark_v1.0_SS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-3"},{"name":"NZISM_Security_Benchmark_v1.0_SS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-4"},{"name":"NZISM_Security_Benchmark_v1.0_SS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-5"},{"name":"NZISM_Security_Benchmark_v1.0_SS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-6"},{"name":"NZISM_Security_Benchmark_v1.0_SS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-7"},{"name":"NZISM_Security_Benchmark_v1.0_SS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-8"},{"name":"NZISM_Security_Benchmark_v1.0_ES-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-1"},{"name":"NZISM_Security_Benchmark_v1.0_ES-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-1"},{"name":"NZISM_Security_Benchmark_v1.0_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-2"},{"name":"NZISM_Security_Benchmark_v1.0_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-3"},{"name":"NZISM_Security_Benchmark_v1.0_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-4"},{"name":"NZISM_Security_Benchmark_v1.0_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-5"},{"name":"NZISM_Security_Benchmark_v1.0_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-6"},{"name":"NZISM_Security_Benchmark_v1.0_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-7"},{"name":"NZISM_Security_Benchmark_v1.0_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-8"},{"name":"NZISM_Security_Benchmark_v1.0_AC-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-9"},{"name":"NZISM_Security_Benchmark_v1.0_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-10"},{"name":"NZISM_Security_Benchmark_v1.0_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-11"},{"name":"NZISM_Security_Benchmark_v1.0_AC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-12"},{"name":"NZISM_Security_Benchmark_v1.0_AC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-13"},{"name":"NZISM_Security_Benchmark_v1.0_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-14"},{"name":"NZISM_Security_Benchmark_v1.0_AC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-15"},{"name":"NZISM_Security_Benchmark_v1.0_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-16"},{"name":"NZISM_Security_Benchmark_v1.0_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-17"},{"name":"NZISM_Security_Benchmark_v1.0_CR-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-1"},{"name":"NZISM_Security_Benchmark_v1.0_CR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-2"},{"name":"NZISM_Security_Benchmark_v1.0_CR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-3"},{"name":"NZISM_Security_Benchmark_v1.0_CR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-4"},{"name":"NZISM_Security_Benchmark_v1.0_CR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-5"},{"name":"NZISM_Security_Benchmark_v1.0_CR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-6"},{"name":"NZISM_Security_Benchmark_v1.0_CR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-7"},{"name":"NZISM_Security_Benchmark_v1.0_CR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-8"},{"name":"NZISM_Security_Benchmark_v1.0_CR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-9"},{"name":"NZISM_Security_Benchmark_v1.0_CR-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-10"},{"name":"NZISM_Security_Benchmark_v1.0_CR-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-11"},{"name":"NZISM_Security_Benchmark_v1.0_CR-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-12"},{"name":"NZISM_Security_Benchmark_v1.0_NS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-1"},{"name":"NZISM_Security_Benchmark_v1.0_NS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-2"},{"name":"NZISM_Security_Benchmark_v1.0_NS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-3"},{"name":"NZISM_Security_Benchmark_v1.0_NS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-4"},{"name":"NZISM_Security_Benchmark_v1.0_NS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-5"},{"name":"NZISM_Security_Benchmark_v1.0_NS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-6"},{"name":"NZISM_Security_Benchmark_v1.0_NS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-7"},{"name":"NZISM_Security_Benchmark_v1.0_NS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-8"},{"name":"NZISM_Security_Benchmark_v1.0_NS-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-9"},{"name":"NZISM_Security_Benchmark_v1.0_GS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-1"},{"name":"NZISM_Security_Benchmark_v1.0_GS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-2"},{"name":"NZISM_Security_Benchmark_v1.0_GS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-3"},{"name":"NZISM_Security_Benchmark_v1.0_GS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-4"},{"name":"NZISM_Security_Benchmark_v1.0_GS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-1"},{"name":"NZISM_Security_Benchmark_v1.0_DM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-2"},{"name":"NZISM_Security_Benchmark_v1.0_DM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-3"},{"name":"NZISM_Security_Benchmark_v1.0_DM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-4"},{"name":"NZISM_Security_Benchmark_v1.0_DM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-5"},{"name":"NZISM_Security_Benchmark_v1.0_DM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-6"},{"name":"NZISM_Security_Benchmark_v1.0_WO-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-1"},{"name":"NZISM_Security_Benchmark_v1.0_WO-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-2"},{"name":"NZISM_Security_Benchmark_v1.0_WO-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-3"},{"name":"NZISM_Security_Benchmark_v1.0_WO-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-1"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-2"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-3"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-4"},{"name":"NZISM_Security_Benchmark_v1.0_ESS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-5"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a","type":"Microsoft.Authorization/policySetDefinitions","name":"d1a462af-7e6d-4901-98ac-61570b4ed22a"},{"properties":{"displayName":"FedRAMP High","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"3.0.1","category":"Regulatory + For more information, visit https://aka.ms/fedramph-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -8786,7 +14551,7 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability assessment should be enabled on SQL Managed Instance","description":"Audit each SQL Managed Instance which doesn''t have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -8808,7 +14573,7 @@ interactions: backup should be enabled for Azure Database for PostgreSQL","description":"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines","description":"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web Application should only be accessible over HTTPS","description":"Enable or @@ -8838,7 +14603,7 @@ interactions: or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term geo-redundant backup should be enabled for Azure SQL Databases","description":"This policy audits any Azure SQL Database with long-term geo-redundant backup not - enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: + enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"previewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"AdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information @@ -9208,7 +14973,7 @@ interactions: Moderate","policyType":"BuiltIn","description":"This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP M controls. Additional policies will be added in upcoming releases. - For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"3.0.0","category":"Regulatory + For more information, visit https://aka.ms/fedrampm-blueprint.","metadata":{"version":"4.0.1","category":"Regulatory Compliance"},"parameters":{"IncludeArcMachines":{"type":"String","metadata":{"displayName":"Include Arc connected servers for Guest Configuration policies","description":"Optionally choose to audit settings inside Arc connected servers using Guest Configuration @@ -9217,13 +14982,13 @@ interactions: Analytics Workspace Id that VMs should be configured for","description":"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List - of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members + of resource types that should have resource logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members to exclude","description":"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members to include","description":"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; - myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: + myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenNone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_AddSystemIdentityWhenUser","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionWindows","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6","parameters":{}},{"policyDefinitionReferenceId":"Prerequisite_DeployExtensionLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861","parameters":{}},{"policyDefinitionReferenceId":"PreviewuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"aVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"},"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112","parameters":{"IncludeArcMachines":{"value":"[parameters(''IncludeArcMachines'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"[Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell @@ -9243,11 +15008,11 @@ interactions: cache-control: - no-cache content-length: - - '1153301' + - '1805013' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:50 GMT + - Mon, 22 Mar 2021 08:44:34 GMT expires: - '-1' pragma: @@ -9279,15 +15044,15 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:19.7051988Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:03.7869265Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed locations","description":"The list of locations that can be specified when deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}' headers: @@ -9298,7 +15063,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:18:51 GMT + - Mon, 22 Mar 2021 08:44:36 GMT expires: - '-1' pragma: @@ -9332,15 +15097,15 @@ interactions: ParameterSetName: - -n --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-09-01 response: body: - string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:18:20.3636062Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}' + string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T08:44:04.4193564Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}' headers: cache-control: - no-cache @@ -9349,7 +15114,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:02 GMT + - Mon, 22 Mar 2021 08:44:47 GMT expires: - '-1' pragma: @@ -9363,7 +15128,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-deletes: - - '14999' + - '14998' status: code: 200 message: OK @@ -9381,8 +15146,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -9405,11 +15170,28 @@ interactions: Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Vulnerability + assessment should be enabled on your Synapse workspaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Discover, + track, and remediate potential vulnerabilities by configuring recurring SQL + vulnerability assessment scans on your Synapse workspaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0049a6b3-a662-4f3e-8635-39cf44ace45a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"Azure + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"SQL + Server Integration Services integration runtimes on Azure Data Factory should + be joined to a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security and isolation for your + SQL Server Integration Services integration runtimes on Azure Data Factory, + as well as subnets, access control policies, and other features to further + restrict access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.vnetProperties.vnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0088bc63-6dee-4a9c-9d29-91cfdc848952\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Batch accounts without a need for public IP addresses at the source or + destination. Learn more about private endpoints in Batch at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"009a0c92-f5b4-4776-9b66-4ed2b4775563\"},{\"properties\":{\"displayName\":\"Azure Backup should be enabled for Virtual Machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -9476,7 +15258,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03b78f5e-4877-4303-b0f4-eb6583f25768\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1361 - Incident Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Azure + Kubernetes Service Private Clusters should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + the private cluster feature for your Azure Kubernetes Service cluster to ensure + network traffic between your API server and your node pools remains on the + private network only. This is a common requirement in many regulatory and + industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"field\":\"Microsoft.ContainerService/managedClusters/apiServerAccessProfile.enablePrivateCluster\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"040732e8-d947-40b8-95d6-854c95024bf8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1594 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"},{\"properties\":{\"displayName\":\"Audit @@ -9499,10 +15287,11 @@ interactions: when deploying Azure Cosmos DB resources.\",\"strongType\":\"location\"}},\"policyEffect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/Locations[*]\",\"where\":{\"value\":\"[replace(toLower(first(field('Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName'))), ' ', '')]\",\"in\":\"[parameters('listOfAllowedLocations')]\"}},\"notEquals\":\"[length(field('Microsoft.DocumentDB/databaseAccounts/Locations[*]'))]\"}]},\"then\":{\"effect\":\"[parameters('policyEffect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0473574d-2d43-4217-aefe-941fcdf7e684\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0473574d-2d43-4217-aefe-941fcdf7e684\"},{\"properties\":{\"displayName\":\"SQL - Managed Instance TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency - and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + managed instances should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides you with increased + transparency and control over the TDE Protector, increased security with an + HSM-backed external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"048248b0-55cd-46da-b1ff-39efd52db260\"},{\"properties\":{\"displayName\":\"[Preview]: Network traffic data collection agent should be installed on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Security @@ -9539,11 +15328,11 @@ interactions: Managed Control 1572 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"},{\"properties\":{\"displayName\":\"Azure - API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + API for FHIR should use a customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer - of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API for FHIR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HealthcareApis/services\"},{\"field\":\"Microsoft.HealthcareApis/services/cosmosDbConfiguration.keyVaultKeyUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"051cba44-2429-45b9-9649-46cec11c7119\"},{\"properties\":{\"displayName\":\"Deploy Log Analytics agent for Linux VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy @@ -9562,9 +15351,14 @@ interactions: Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Azure Front Door Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Application Firewall (WAF) should be enabled for Azure Front Door Service + service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/frontdoors\"},{\"field\":\"Microsoft.Network/frontdoors/frontendEndpoints[*].webApplicationFirewallPolicyLink.id\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"055aa869-bc98-4af8-bafc-23f1ab6ffe2c\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity @@ -9577,15 +15371,15 @@ interactions: that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Data Lake Store should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -9605,7 +15399,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063b540e-4bdc-4e7a-a569-3a42ddf22098\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1688 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + access the private endpoint(s) for Storage Sync Service resource interfaces + from a registered server, you need to configure your DNS to resolve the correct + names to your private endpoint's private IP addresses. This policy creates + the requisite Azure Private DNS Zone and A records for the interfaces of your + Storage Sync Service private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"Private + DNS Zone Identifier\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"afs\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f\",\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-afs\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"06695360-db88-47f6-b976-7500d4297475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"068260be-a5e6-4b0a-a430-cd27071c226a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9623,7 +15426,7 @@ interactions: network access should be disabled for Cognitive Services accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only - connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0725b4dd-7e76-479c-a735-68e7ee23d5ca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated @@ -9635,16 +15438,16 @@ interactions: app. Allow only required domains to interact with your Function app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed. The list of OS images will be updated over - time as support is updated.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled @@ -9679,18 +15482,18 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Search/searchServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08ba64b8-738f-4918-9686-730d2ed79c7d\"},{\"properties\":{\"displayName\":\"Adaptive - Network Hardening recommendations should be applied on internet facing virtual + network hardening recommendations should be applied on internet facing virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential - attack surface\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security + attack surface\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There should be more than one owner assigned to your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate more than one subscription owner in order to have - administrator access redundancy.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + administrator access redundancy.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1159 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0925f098-7877-450b-8ba4-d1e55f2d8795\"},{\"properties\":{\"displayName\":\"Disk @@ -9740,13 +15543,13 @@ interactions: to Azure Database for MariaDB. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"[Preview]: - Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"Azure + Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements - and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft + and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a2ee16e-ab1f-414a-800b-d1608835862b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9757,7 +15560,7 @@ interactions: implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"},{\"properties\":{\"displayName\":\"Audit resource location matches resource group location\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - that the resource location matches its resource group location\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"location\",\"notIn\":[\"[resourcegroup().location]\",\"global\"]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: + that the resource location matches its resource group location\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[resourcegroup().location]\"},{\"field\":\"location\",\"notEquals\":\"global\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -9773,7 +15576,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\"}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your containers with greater flexibility using customer-managed keys. When + you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.vaultBaseUrl\",\"exists\":false},{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.keyName\",\"exists\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0aa61e00-0a01-4a3c-9945-e93cffedf0e6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0abbac52-57cf-450d-8408-1208d0dd9e90\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9781,25 +15592,24 @@ interactions: Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0afce0b3-dd9f-42bb-af28-1e4284ba8311\"},{\"properties\":{\"displayName\":\"Email - notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the subscription owner, in order to have them - receive security alert emails from Microsoft. This ensures that they are aware - of any potential security issues and can mitigate the risk in a timely fashion\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure your subscription owners are notified when there is a potential security + breach in their subscription, set email notifications to subscription owners + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"not\":{\"allOf\":[{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"equals\":\"Off\"},{\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\"equals\":\"High\"}]}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b291ee8-3140-4cad-beb7-568c077c78ce\"},{\"properties\":{\"displayName\":\"Key - vault should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + vaults should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious deletion of a key vault can lead to permanent data loss. A malicious insider - in your organization may potentially be able to gain access to delete and - purge key vaults. Purge protection protects you from insider attacks by enforcing - a mandatory retention period for soft deleted key vaults. No one inside your - organization or Microsoft will be able to purge your key vaults during the - soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key + in your organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -9829,15 +15639,29 @@ interactions: certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Automation Accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Automation accounts without a need for public IP addresses at the source + or destination. Learn more about private endpoints in Azure Automation at + https://docs.microsoft.com/azure/automation/how-to/private-link-security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c2b3618-68a8-4034-a150-ff4abc873462\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c2b3618-68a8-4034-a150-ff4abc873462\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1496 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"},{\"properties\":{\"displayName\":\"SQL - server TDE protector should be encrypted with your own key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent - Data Encryption (TDE) with your own key support provides increased transparency + servers should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Implementing + Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed - external service, and promotion of separation of duties.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Microsoft + external service, and promotion of separation of duties. This recommendation + applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Private + endpoint should be enabled for IoT Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections enforce secure communication by enabling private connectivity + to IoT Hub. Configure a private endpoint connection to enable access to traffic + coming only from known networks and prevent access from all other IP addresses, + including within Azure.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d40b058-9f95-4a19-93e3-9b0330baa2a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d40b058-9f95-4a19-93e3-9b0330baa2a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1518 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"},{\"properties\":{\"displayName\":\"Microsoft @@ -9857,9 +15681,9 @@ interactions: visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDefenderExploitGuard\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy a flow log resource with target network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configures flow log for specific network security group. It will allow to log information about IP traffic flowing through an network security group. Flow log helps @@ -9896,7 +15720,13 @@ interactions: Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Authorized + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure File Sync to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Azure File Sync's internet-accessible public endpoint are disabled by your + organizational policy. You may still access the Storage Sync Service via its + private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"Audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"value\":\"AllowVirtualNetworksOnly\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0e07b2e9-6cd9-4c40-9ccb-52817b95133b\"},{\"properties\":{\"displayName\":\"Authorized IP ranges should be defined on Kubernetes Services\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized @@ -9933,7 +15763,15 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ecd903d-91e7-4726-83d3-a229d7f2e293\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"[Preview]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"Configure + Batch accounts with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Batch + accounts, you can reduce data leakage risks. Learn more about private links + at: https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"equals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"batchAccount\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ef5aac7-c064-427a-b87b-d47b3ddcaf73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ef5aac7-c064-427a-b87b-d47b3ddcaf73\"},{\"properties\":{\"displayName\":\"[Preview]: Audit Azure Spring Cloud instances where distributed tracing is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Distributed tracing tools in Azure Spring Cloud allow debugging and monitoring the complex interconnections between microservices in an application. Distributed tracing @@ -9957,7 +15795,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"CORS + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Container registries\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that container registries + are not exposed on the public internet. Creating private endpoints can limit + exposure of container registry resources. Learn more at: https://aka.ms/acr/portal/public-network + and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fdf0491-d080-4575-b627-ad0e843cba0f\"},{\"properties\":{\"displayName\":\"CORS should not allow every domain to access your API for FHIR\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly @@ -10005,21 +15850,29 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11158848-f679-4e9b-aa7b-9fb07d945071\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1432 - Media Storage\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Cognitive + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure IoT Hubs to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint. This policy disables + public network access on IoT Hub resources.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/114eec6e-5e59-4bad-999d-6eceeb39d582\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"114eec6e-5e59-4bad-999d-6eceeb39d582\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should use customer owned storage or enable data encryption.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed. The list of OS images is updated + over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - System settings'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - System settings' for certificate rules on executables for SRP and @@ -10092,9 +15945,9 @@ interactions: Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow - in adaptive application control policies.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + in adaptive application control policies.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web Application Firewall (WAF) should use the specified mode for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Mandates the use of 'Detection' or 'Prevention' mode to be active on all Web Application Firewall policies for Application Gateway.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -10102,7 +15955,13 @@ interactions: Requirement\",\"description\":\"Mode required for all WAF policies\"},\"allowedValues\":[\"Prevention\",\"Detection\"],\"defaultValue\":\"Detection\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies\"},{\"field\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode\",\"notEquals\":\"[parameters('modeRequirement')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12430be1-6cc8-4527-a9a8-e3d38f250096\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use Key Vault for storing secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure secrets (such as connection strings) are managed securely, require + users to provide secrets using an Azure Key Vault instead of specifying them + inline in linked services.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"exists\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"PWD=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"Password=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"CredString=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"pwd=\"}]}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"exists\":\"false\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSearch.typeProperties.key.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/CosmosDb.typeProperties.accountKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.encryptedCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.mwsAuthToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.secretKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonS3.typeProperties.secretAccessKey.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential.type\",\"equals\":\"SecureString\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken.type\",\"equals\":\"SecureString\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Odbc.typeProperties.credential.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleAdWords.typeProperties.developerToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.clientSecret.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.refreshToken.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"MongoDbAtlas\",\"MongoDbV2\"]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCert.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCertPassword.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.privateKeyContent.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.passPhrase.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Salesforce.typeProperties.securityToken.type\",\"equals\":\"SecureString\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"127ef6d7-242f-43b3-9eef-947faf1725d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1240 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"129eb39f-d79a-4503-84cd-92f036b5e429\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -10156,7 +16015,18 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1184 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"[Preview]: + Configure machines to receive the Qualys vulnerability assessment agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Defender includes vulnerability scanning for your machines at no extra cost. + You don't need a Qualys license or even a Qualys account - everything's handled + seamlessly inside Security Center. Machines which don't have the Qualys vulnerability + assessment agent deployed automatically receive the agent if this policy is + enabled.\",\"metadata\":{\"category\":\"Security Center\",\"preview\":true,\"version\":\"2.0.0-preview\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]},\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"template\":{\"contentVersion\":\"1.0.0.0\",\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"parameters\":{\"vmName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.compute/virtualmachines'))]\",\"type\":\"Microsoft.Compute/virtualMachines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"},{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.hybridcompute/machines'))]\",\"type\":\"Microsoft.HybridCompute/machines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"}]},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}}}},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13ce0167-8ca6-4048-8e6b-f996402e3c1b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1085 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10221,7 +16091,38 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;MembersToExclude\",\"value\":\"[parameters('MembersToExclude')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityWindowsAgent\":\"[concat('deployAzureSecurityWindowsAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityWindowsAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityWindowsAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1537496a-b1e8-482b-a06a-1cc2415cdc7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"15495367-cf68-464c-bbc3-f53ca5227b7a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10284,7 +16185,15 @@ interactions: '-', uniqueString(parameters('targetManagedApplicationId')))]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"associatedResourceName\":{\"type\":\"string\"},\"resourceTypesToAssociate\":{\"type\":\"string\"},\"targetManagedApplicationId\":{\"type\":\"string\"},\"associationNamePrefix\":{\"type\":\"string\"}},\"variables\":{\"resourceType\":\"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\"resourceName\":\"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2017-05-10\",\"name\":\"[concat(deployment().Name, - '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"Transparent + '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"[ASC + Private Preview] Deploy - Configure system-assigned managed identity to enable + Azure Monitor assignments on VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"[ASC + Private Preview] Configure system-assigned managed identity to virtual machines + hosted in Azure that are supported by Azure Monitor that do not have a system-assigned + managed identity. A system-assigned managed identity is a prerequisite for + all Azure Monitor assignments and must be added to machines before using any + Azure Monitor extension. Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.2.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"value\":\"[requestContext().apiVersion]\",\"greaterOrEquals\":\"2018-10-01\"},{\"field\":\"identity.type\",\"notContains\":\"SystemAssigned\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"identity.type\",\"value\":\"[if(contains(field('identity.type'), + 'UserAssigned'), concat(field('identity.type'), ',SystemAssigned'), 'SystemAssigned')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17b3de92-f710-4cf4-aa55-0e7859f1ed7b\"},{\"properties\":{\"displayName\":\"Transparent Data Encryption on SQL databases should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -10295,14 +16204,13 @@ interactions: Managed Control 1480 - Temperature And Humidity Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18a767cc-1947-4338-a240-bc058c81164f\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - PostgreSQL database servers enables implementing a separation of duties in - the management of keys and data. When you configure a customer-managed key, - the key is used to protect and control access to the key that encrypts your - data. You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18adea5e-f416-4d0f-8aa8-d24321e3e274\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1369 - Incident Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -10338,7 +16246,13 @@ interactions: your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Vulnerability + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Azure + Event Grid topics should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1adadefe-5f21-44f7-b931-a59b54ccdb45\"},{\"properties\":{\"displayName\":\"Vulnerability assessment should be enabled on SQL Managed Instance\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -10347,7 +16261,8 @@ interactions: network access on Azure SQL Database should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration - denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure + denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for API @@ -10357,13 +16272,21 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machines if the VM Image (OS) is in the - list defined and the agent is not installed. The list of OS images will be - updated over time as support is updated.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Azure + Service Bus namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Service Bus namespaces, + data leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c06e275-d63d-4540-b761-71f364c2111d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c06e275-d63d-4540-b761-71f364c2111d\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Dependency agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c210e94-a481-4beb-95fa-1571b434fb04\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -10372,49 +16295,61 @@ interactions: Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Public + network access on Azure Data Factory should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + Data Factory can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Azure + File Sync should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Creating + a private endpoint for the indicated Storage Sync Service resource allows + you to address your Storage Sync Service resource from within the private + IP address space of your organization's network, rather than through the internet-accessible + public endpoint. Creating a private endpoint by itself does not disable the + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d320205-c6a1-4ac6-873d-46224024e8e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d320205-c6a1-4ac6-873d-46224024e8e2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"Deploy + GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth from the defined git repo. For - instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"preview\":true,\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Configuration resource name\",\"description\":\"The name for the sourceControlConfiguration. - \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator instance name\",\"description\":\"The name of the operator associated - with this configuration. The instance name can contain up to 353 lower-case - alphanumeric characters, hyphen, or period. If enableHelmOperator is true, - then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters - combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator namespace\",\"description\":\"The namespace to use for the configuration - operator. The namespace can contain up to 353 lower-case alphanumeric characters, - hyphen, or period. If enableHelmOperator is true, then operatorInstanceName - + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator scope\",\"description\":\"The permission scope for the operator. - Possible values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator type\",\"description\":\"The type of operator to install. Currently, - 'Flux' is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator parameters\",\"description\":\"Parameters to set on the Flux operator, - separated by spaces. For example, --git-readonly --git-path=namespaces,workloads. - \ Learn more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Repository Url\",\"description\":\"The URL for the source control repository. - Private repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Enable Helm\",\"description\":\"Indicate whether to enable Helm for this instance - of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart version for installing Flux Helm\",\"description\":\"The version - of the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"0.6.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart parameters for installing Flux Helm\",\"description\":\"Parameters - for the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"--git-readonly\",\"[parameters('operatorParams')]\",\"[concat('--git-readonly - ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(parameters('clusterResourceType'), - 'connectedclusters')]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(parameters('clusterResourceType'), - 'managedclusters')]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft + instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"The name of the operator associated with + this configuration. The instance name can contain up to 353 lower-case alphanumeric + characters, hyphen, or period. If enableHelmOperator is true, then operatorInstanceName + + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"The namespace to use for the configuration operator. + The namespace can contain up to 353 lower-case alphanumeric characters, hyphen, + or period. If enableHelmOperator is true, then operatorInstanceName + operatorNamespace + strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --git-path=namespaces,workloads. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Private + repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1538 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"},{\"properties\":{\"displayName\":\"Virtual @@ -10440,12 +16375,21 @@ interactions: a required tag and its value. Does not apply to resource groups.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Tags\"},\"parameters\":{\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"not\":{\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Key - vault should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting + parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Synapse + workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Target sub resource the private endpoint + connects to\"},\"allowedValues\":[\"Dev\",\"Sql\",\"SqlOnDemand\"],\"defaultValue\":\"Dev\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('targetSubResource')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"synapse-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\"},{\"properties\":{\"displayName\":\"Key + vaults should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault - can lead to permanent data loss. Soft delete allows you to recover an accidently - deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Key + can lead to permanent data loss. Soft delete allows you to recover an accidentally + deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\"},{\"properties\":{\"displayName\":\"Azure API for FHIR should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure @@ -10459,7 +16403,14 @@ interactions: to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be encrypted with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Create + Azure Monitor logs cluster with customer-managed keys encryption. By default, + the log data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance. Customer-managed + key in Azure Monitor gives you more control over the access to you data, see + https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"exists\":\"false\"}]},{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"exists\":\"false\"}]},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVersion\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f68a601-6e6d-4e42-babf-3f643a047ea2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f68a601-6e6d-4e42-babf-3f643a047ea2\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is @@ -10507,13 +16458,32 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f8c20ce-3414-4496-8b26-0e902a1541da\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB account should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - customer-managed keys to control the encryption at rest of the data stored - in Azure Cosmos DB when this is a regulatory or compliance requirement. Customer-managed - keys also deliver double encryption by adding a second layer of encryption - on top of the default one done with service-managed keys. See https://aka.ms/cosmosdb-cmk\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos + Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/cosmosdb-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Microsoft + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Logic + Apps Integration Service Environment should be encrypted with customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + into Integration Service Environment to manage encryption at rest of Logic + Apps data using customer-managed keys. By default, customer data is encrypted + with service-managed keys, but customer-managed keys are commonly required + to meet regulatory compliance standards. Customer-managed keys enable the + data to be encrypted with an Azure Key Vault key created and owned by you. + You have full control and responsibility for the key lifecycle, including + rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/integrationServiceEnvironments\"},{\"field\":\"Microsoft.Logic/integrationServiceEnvironments/encryptionConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption at host to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling + encryption at host helps protect and safeguard your data to meet your organizational + security and compliance commitments. When you enable encryption at host, data + stored on the VM host is encrypted at rest and flows encrypted to the Storage + service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2006457a-48b3-4f7b-8d2e-1532287f9929\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10530,13 +16500,30 @@ interactions: Image Builder templates should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used - instead which may expose resources directly to the internet and increase the + instead which may directly expose resources to the internet and increase the potential attack surface.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"VM Image Builder\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.VirtualMachineImages/imageTemplates\"},{\"field\":\"Microsoft.VirtualMachineImages/imageTemplates/vmProfile.vnetConfig\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2154edb9-244f-4741-9970-660785bccdaa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Azure File Sync\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public endpoint allows you to restrict access to your Storage Sync Service + resource to requests destined to approved private endpoints on your organization's + network. There is nothing inherently insecure about allowing requests to the + public endpoint, however, you may wish to disable it to meet regulatory, legal, + or organizational policy requirements. You can disable the public endpoint + for a Storage Sync Service by setting the incomingTrafficPolicy of the resource + to AllowVirtualNetworksOnly.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a8cd35-125e-4d13-b82d-2e19b7208bb7\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a9766a-82a5-4747-abb5-650b6dbba6d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a9766a-82a5-4747-abb5-650b6dbba6d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21de687c-f15e-4e51-bf8d-f35c8619965b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10576,9 +16563,9 @@ interactions: ports should be closed on your virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to - gain admin access to the machine.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + gain admin access to the machine.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1493 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"},{\"properties\":{\"displayName\":\"Only @@ -10633,7 +16620,13 @@ interactions: workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Automation account so that it isn't accessible + over the public internet. This configuration helps protect them against data + leakage risks. You can limit exposure of the your Automation account resources + by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Automation\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"value\":false}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1268 - Alternate Storage Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23f6e984-3053-4dfc-ab48-543b764781f5\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10683,9 +16676,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"},{\"properties\":{\"displayName\":\"Endpoint protection solution should be installed on virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the existence and health of an endpoint protection solution on your virtual - machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26d292cc-b0b8-4c29-9337-68abc758bf7b\"},{\"properties\":{\"displayName\":\"Metric @@ -10696,23 +16689,31 @@ interactions: name\",\"description\":\"The metric name that an alert rule must be enabled on\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/alertRules\",\"existenceScope\":\"Subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/alertRules/isEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\"equals\":\"[parameters('metricName')]\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\"equals\":\"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', - field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Enable - Automanage - Azure virtual machine best practices\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Automanage - enrolls, configures, and monitors virtual machines with Azure VM best practice - services. Use this policy to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage - account\",\"description\":\"Select Automanage account from dropdown list. - If this account is outside of the scope of the assignment you must manually - grant 'Contributor' permissions (or similar) on the account to the policy - assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Configure + virtual machines to be onboarded to Azure Automanage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Automanage enrolls, configures, and monitors virtual machines with best practice + as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy + to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage + account\",\"description\":\"The Automanage account is an Azure managed identity + under which virtual machine operations are performed. If this account is outside + of the scope of the assignment you must manually grant 'Contributor' permissions + (or similar) on the account to the policy assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration profile\",\"description\":\"The management services provided are based on whether the machine is intended to be used in a dev/test environment or production.\"},\"allowedValues\":[\"Azure virtual machine best practices \u2013 Production\",\"Azure virtual machine best practices \u2013 Dev/test\"],\"defaultValue\":\"Azure virtual machine - best practices \u2013 Production\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"westus2\",\"westcentralus\",\"westeurope\",\"canadacentral\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), + best practices \u2013 Production\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"eastus2\",\"westus\",\"westus2\",\"centralus\",\"southcentralus\",\"westcentralus\",\"northeurope\",\"westeurope\",\"canadacentral\",\"japaneast\",\"uksouth\",\"australiaeast\",\"australiasoutheast\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"15*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), '/Microsoft.Automanage/', 'default')]\",\"properties\":{\"configurationProfile\":\"[parameters('configurationProfileAssignment')]\",\"accountId\":\"[parameters('automanageAccount')]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/270610db-8c04-438a-a739-e8e6745b22d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"270610db-8c04-438a-a739-e8e6745b22d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1396 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Flow + logs should be enabled for every network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + for flow log resources to verify if flow log status is enabled. Enabling flow + logs allows to log information about IP traffic flowing through network security + group. It can be used for optimizing network flows, monitoring throughput, + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkWatchers/flowLogs\"},{\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27960feb-a23c-4577-8d36-ef8b5f35e0be\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27a69937-af92-4198-9b86-08d355c7e59a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -10736,7 +16737,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"283a4e29-69d5-4c94-b99e-29acf003c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1436 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property shuts down public connectivity such that + Azure SQL Server can only be accessed from a private endpoint. This configuration + disables the public network access for all databases under the Azure SQL Server.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -10754,7 +16760,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"AppServices\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2913021d-f2fd-4f3d-b958-22354e2bdbcb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"Service + Bus Premium namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Service Bus supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Service Bus will use to encrypt data in your namespace. Note that Service + Bus only supports encryption with customer-managed keys for premium namespaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"},{\"not\":{\"field\":\"Microsoft.ServiceBus/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"295fc8b1-dc9f-4f53-9c61-3f313ceab40a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -10775,8 +16789,8 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"},{\"properties\":{\"displayName\":\"Storage accounts should restrict network access using virtual network rules\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Protect your storage accounts from potential threats using virtual network rules as - a preferred method to IP-based filtering. Disallowing IP-based filtering prevents - public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"},{\"count\":{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]\"},\"greaterOrEquals\":1}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -10807,14 +16821,22 @@ interactions: ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a7a701e-dff3-4da9-9ec5-42cb98594c0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1274 - Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Synapse + workspace auditing settings should have action groups configured to capture + critical activities\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure your audit logs are as thorough as possible, the AuditActionsAndGroups + property should include all the relevant groups. We recommend adding at least + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, + and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with + regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"FAILED_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"BATCH_COMPLETED_GROUP\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b18f286-371e-4b80-9887-04759970c0d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b18f286-371e-4b80-9887-04759970c0d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b909c26-162f-47ce-8e15-0c1f55632eac\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should enable data encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using data encryption. For each Cognitive Services account with storage, should enable data encryption @@ -10885,7 +16907,21 @@ interactions: auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Managed + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Public + network access on Azure IoT Hub should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure IoT Hub should use customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encryption + of data at rest in IoT Hub with customer-managed key adds a second layer of + encryption on top of the default service-managed keys, enables customer control + of keys, custom rotation policies, and ability to manage access to data through + key access control. Customer-managed keys must be configured during creation + of IoT Hub. For more information on how to configure customer-managed keys, + see https://aka.ms/iotcmk.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"lessOrEquals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\"},{\"properties\":{\"displayName\":\"Managed workspace virtual network on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling a managed workspace virtual network ensures that your workspace is network isolated from other workspaces. Data integration and Spark resources deployed @@ -10948,7 +16984,13 @@ interactions: Defender for Storage provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cache for Redis resource so that it's + not accessible over the public internet. This helps protect the cache against + data leakage risks.\",\"metadata\":{\"category\":\"Cache\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17\"],\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-06-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/30b3dfa5-a70d-4c8e-bed6-0083858f663d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"30b3dfa5-a70d-4c8e-bed6-0083858f663d\"},{\"properties\":{\"displayName\":\"Audit Windows machines missing any of specified members in the Administrators group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators @@ -10986,14 +17028,21 @@ interactions: Greater Risk\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"31b752c1-05a9-432a-8fce-c39b56550119\"},{\"properties\":{\"displayName\":\"[Preview]: - Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"Microsoft + Log Analytics Agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Windows OS to + add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Linux OS to add + to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"API + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of an API app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/324c7761-08db-4474-9661-d1039abc92ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"324c7761-08db-4474-9661-d1039abc92ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1587 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32820956-9c6d-4376-934c-05cd8525be7c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11108,7 +17157,12 @@ interactions: '/AzurePolicyforLinux')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforLinux\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3470477a-b35a-49db-aca5-1073d04524fe\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1151 - System Interconnections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Azure + Synapse workspaces should allow outbound data traffic only to approved targets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Increase + security of your Synapse workspace by allowing outbound data traffic only + to approved targets. This helps prevention against data exfiltration by validating + the target before sending data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"field\":\"Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.preventDataExfiltration\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3484ce98-c0c5-4c83-994b-c5ac24785218\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3492d949-0dbb-4589-88b3-7b59601cc764\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11121,22 +17175,22 @@ interactions: accounts should restrict network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To - allow connections from specific internet or on-premise clients, access can + allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet - IP address ranges\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + IP address ranges\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34c877ad-507e-4c82-993e-3452a6e0ad3c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Resource logs in Logic Apps should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Logic + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Logic Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1210 - Configuration Settings\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3502c968-c490-4570-8167-1476f955e9b8\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -11355,7 +17409,7 @@ interactions: implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36b0ef30-366f-4b1b-8652-a3511df11f53\"},{\"properties\":{\"displayName\":\"Deploy Threat Detection on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This - policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), + policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), '/Default')]\",\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"emailAccountAdmins\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -11415,7 +17469,24 @@ interactions: servers;ExpectedValue\",\"value\":\"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid topics to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36ea4b4b-0f7f-4a54-89fa-ab18f555a172\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/domains/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"domain\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36f4658a-848a-467b-881c-e6fa20cf75fc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36f4658a-848a-467b-881c-e6fa20cf75fc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -11447,15 +17518,15 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.Storage/StorageAccounts\"]},{\"value\":\"[field('type')]\",\"equals\":\"Microsoft.ClassicStorage/storageAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Resource logs in IoT Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Internet + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Internet of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Windows Guest Configuration extension to Windows virtual @@ -11546,7 +17617,16 @@ interactions: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3abeb944-26af-43ee-b83d-32aaf060fb94\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1548 - Vulnerability Scanning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Azure + Synapse workspaces, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-with-private-links.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Dev\"],\"requestMessage\":\"Auto + approved by policy assignment\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b3b0c27-08d2-4b32-879d-19930bee3266\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b3b0c27-08d2-4b32-879d-19930bee3266\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11558,14 +17638,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"operationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operation Name\",\"description\":\"Security Operation name for which activity log alert should exist\"},\"allowedValues\":[\"Microsoft.Security/policies/write\",\"Microsoft.Security/securitySolutions/write\",\"Microsoft.Security/securitySolutions/delete\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/ActivityLogAlerts\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/enabled\",\"equals\":\"true\"},{\"count\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"Security\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"[parameters('operationName')]\"}]}]}},\"equals\":2},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"}},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b980d31-7904-4bb7-8575-5665739a8052\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machine scale sets if the VM Image (OS) - is in the list defined and the agent is not installed. The list of OS images - will be updated over time as support is updated. Note: if your scale set upgradePolicy - is set to Manual, you need to apply the extension to the all virtual machines - in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), + - Configure Dependency agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machine scale sets if the virtual machine + image is in the list defined and the agent is not installed. If your scale + set upgradePolicy is set to Manual, you need to apply the extension to all + the virtual machines in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"},{\"properties\":{\"displayName\":\"PostgreSQL server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual @@ -11574,28 +17655,28 @@ interactions: Azure boundary. This policy provides a way to audit if the Azure Database for PostgreSQL has virtual network service endpoint being used.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c14b034-bcb6-4905-94e7-5b8e98a47b65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c14b034-bcb6-4905-94e7-5b8e98a47b65\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets if the VM Image - (OS) is in the list defined and the agent is not installed. The list of OS - images will be updated over time as support is updated. Note: if your scale - set upgradePolicy is set to Manual, you need to apply the extension to the - all VMs in the set by calling upgrade on them. In CLI this would be az vmss - update-instances.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machine scale sets if the virtual + machine image is in the list defined and the agent is not installed. If your + scale set upgradePolicy is set to Manual, you need to apply the extension + to all the virtual machine in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c1b3629-c8f8-4bf6-862c-037cb9094038\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the OS vulnerabilities on your virtual machine scale sets to protect them - from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + from attacks.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1621 - Resource Availability\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3cb9f731-744a-4691-a481-ca77b0411538\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11658,7 +17739,13 @@ interactions: to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\",\"16.04-LTS\",\"16.04.0-LTS\",\"14.04.2-LTS\",\"12.04.5-LTS\"]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"OmsAgentForLinux\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('vmName'),'/omsPolicy')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2017-12-01\",\"properties\":{\"publisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"type\":\"OmsAgentForLinux\",\"typeHandlerVersion\":\"1.4\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled - monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"Microsoft + monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"App + Configuration should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d9f5e4c-9947-4579-9539-2a7695fbc187\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1385 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3e495e65-8663-49ca-9b38-9f45e800bc58\"},{\"properties\":{\"displayName\":\"Audit @@ -11787,13 +17874,15 @@ interactions: Managed Control 1202 - Access Restrictions For Change\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Machine + Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you'll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit a tag from the subscription if missing\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds the specified tag with its value from the containing subscription when any resource missing this tag is created or updated. Existing resources can be @@ -11819,7 +17908,15 @@ interactions: Monitor should collect activity logs from all regions\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Temp + disks and cache for agent node pools in Azure Kubernetes Service clusters + should be encrypted at host\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + enhance data security, the data stored on the virtual machine (VM) host of + your Azure Kubernetes Service nodes VMs should be encrypted at rest. This + is a common requirement in many regulatory and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"count\":{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"false\"}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41425d9f-d1a5-499a-9932-f8ed8453932c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1263 - Contingency Plan Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41472613-3b05-49f6-8fe8-525af113ce17\"},{\"properties\":{\"displayName\":\"Microsoft @@ -11847,14 +17944,14 @@ interactions: Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Resource logs in Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -11979,7 +18076,13 @@ interactions: Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should use a Private Link enabled SKU\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination which protect your resources + against public data leakage risks. The policy limits you to Private Link enabled + SKUs for Azure SignalR Service. Learn more about private link at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"field\":\"Microsoft.SignalRService/SignalR/sku.tier\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/464a1620-21b5-448d-8ce6-d4ac6d1bc49a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"464a1620-21b5-448d-8ce6-d4ac6d1bc49a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require SQL Server version 12.0\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version @@ -12003,11 +18106,26 @@ interactions: Services accounts should use customer owned storage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"[Preview]: + IoT Hub device provisioning service data should be encrypted using customer-managed + keys (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your IoT Hub device + provisioning service. The data is automatically encrypted at rest with service-managed + keys, but customer-managed keys (CMK) are commonly required to meet regulatory + compliance standards. CMKs enable the data to be encrypted with an Azure Key + Vault key created and owned by you. Learn more about CMK encryption at https://aka.ms/dps/CMK.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47031206-ce96-41f8-861b-6a915f3de284\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Storage + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the Azure Cache for + Redis isn't exposed on the public internet. You can limit exposure of your + Azure Cache for Redis by creating private endpoints instead. Learn more at: + https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"470baccb-7e51-4549-8b1a-3e5be069f663\"},{\"properties\":{\"displayName\":\"Storage accounts should have infrastructure encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted @@ -12016,11 +18134,15 @@ interactions: Cosmos DB key based metadata write access should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to ensure all Azure Cosmos DB accounts disable key based metadata write access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos - DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Automatic - provisioning of the Log Analytics monitoring agent should be enabled on your - subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - automatic provisioning of the Log Analytics monitoring agent in order to collect - security data\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + DB\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"notEquals\":true}]},\"then\":{\"effect\":\"append\",\"details\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/disableKeyBasedMetadataWriteAccess\",\"value\":true}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4750c32b-89c0-46af-bfcb-2e4541a818d5\"},{\"properties\":{\"displayName\":\"Auto + provisioning of the Log Analytics agent should be enabled on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + monitor for security vulnerabilities and threats, Azure Security Center collects + data from your Azure virtual machines. Data is collected by the Log Analytics + agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads + various security-related configurations and event logs from the machine and + copies the data to your Log Analytics workspace for analysis. We recommend + enabling auto provisioning to automatically deploy the agent to all supported + Azure VMs and any new ones that are created.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"475aae12-b88a-4572-8b36-9b712b2b3a17\"},{\"properties\":{\"displayName\":\"Adaptive application controls for defining safe applications should be enabled on your @@ -12029,9 +18151,16 @@ interactions: on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the - applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Configure + Cognitive Services accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Cognitive Services resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at: https://go.microsoft.com/fwlink/?linkid=2129800.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Disabled\",\"Modify\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2017-04-18')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -12173,13 +18302,15 @@ interactions: Managed Control 1094 - Role-Based Security Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b1853e0-8973-446b-b567-09d901d31a09\"},{\"properties\":{\"displayName\":\"Azure - Event Grid topics should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid topics that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid topics should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid topic instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4c090801-59bc-4454-bb33-e0455133486a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12204,7 +18335,14 @@ interactions: Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"MaximumPasswordAge\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"Function + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a function app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4d0bc837-6eff-477e-9ecd-33bf8d4212a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4d0bc837-6eff-477e-9ecd-33bf8d4212a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -12304,25 +18442,46 @@ interactions: Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints that connect to Batch + accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + DNS records allow private connections to private endpoints. Private endpoint + connections allow secure communication by enabling private connectivity to + Batch accounts without a need for public IP addresses at the source or destination. + For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + private DNS zone to deploy in a new private DNS zone group and link to the + private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"batchAccount\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"batchAccount-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec38ebc-381f-45ee-81a4-acbc4be878f8\"},{\"properties\":{\"displayName\":\"Azure + data factories should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Data + Factory. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/adf-cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/encryption.vaultBaseUrl\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec52d6d-beb7-40c4-9a9e-fe753254690e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1139 - Audit Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ed62522-de00-4dda-9810-5205733d2f34\"},{\"properties\":{\"displayName\":\"A maximum of 3 owners should be designated for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate up to 3 subscription owners in order to reduce - the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f26049b-2c5a-4841-9ff3-d48a26aae475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"A - security contact email address should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter - an email address to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f34f554-da4b-4786-8d66-7915c90893da\"},{\"properties\":{\"displayName\":\"Subscriptions + should have a contact email address for security issues\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, set a security contact + to receive email notifications from Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/email\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\"},{\"properties\":{\"displayName\":\"Add a tag to resources\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds @@ -12336,7 +18495,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f9dc7db-30c1-420c-b61a-e1d640128d26\"},{\"properties\":{\"displayName\":\"[Preview]: Storage account public access should be disallowed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Anonymous public read access to containers and blobs in Azure Storage is a convenient - way to share data, but might present security risks. To prevent data breaches + way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.\",\"metadata\":{\"version\":\"2.0.1-preview\",\"category\":\"Storage\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"The effect determines what happens when the policy @@ -12347,16 +18506,53 @@ interactions: is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this - tool for you.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + tool for you.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"550e890b-e652-4d22-8274-60b3bdb24c63\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1485 - Delivery And Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50301354-95d0-4a11-8af5-8039ecf6d38b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Deploy + Workflow Automation for Azure Security Center regulatory compliance\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + automation of Azure Security Center regulatory compliance. This policy deploys + a workflow automation with your conditions and triggers on the assigned scope. + To deploy this policy on newly created subscriptions, open the Compliance + tab, select the relevant non-compliant assignment and create a remediation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\",\"preview + \":true},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name\",\"description\":\"The resource group name where the workflow + automation is created. If you enter a name for a resource group that doesn't + exist, it'll be created in the subscription.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group location\",\"description\":\"The location where the resource group and + the workflow automation are created.\",\"strongType\":\"location\"}},\"regulatoryComplianceStandards\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + standards names\",\"description\":\"For all compliance standards, leave it + empty. For specific compliance standards, enter a list of standards names + separated by semicolons (';'). Compliance standards names are available through + the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"regulatoryComplianceControlStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + control states\",\"description\":\"Determines compliance control states.\"},\"allowedValues\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"],\"defaultValue\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + app trigger\",\"description\":\"The trigger connector of the logic app that + is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an + Azure Security Center regulatory compliance assessment is created or triggered'.\"},\"allowedValues\":[\"Manual + (Incoming HTTP request)\",\"When an Azure Security Center regulatory compliance + assessment is created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets\",\"exists\":false},{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"less\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceControlStates')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\",\"name\":\"regulatoryComplianceControlState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.state\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceControlState')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceControlStates'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceStandards')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\",\"name\":\"regulatoryComplianceStandard\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"id\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceStandard')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceStandards'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"notEquals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('regulatoryComplianceStandards'),parameters('regulatoryComplianceControlStates'))]\"},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\"},\"equals\":\"[mul(2,mul(length(parameters('regulatoryComplianceStandards')),length(parameters('regulatoryComplianceControlStates'))))]\"}]}]}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"regulatoryComplianceStandards\":{\"type\":\"array\"},\"regulatoryComplianceControlStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + for subscription {0}\",\"regulatoryComplianceStandardsLength\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"regulatoryComplianceControlStatesLength\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"regulatoryComplianceStandardsLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsLength'), + 0), 1, variables('regulatoryComplianceStandardsLength'))]\",\"regulatoryComplianceControlStatesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceControlStatesLength'), + 0), 1, variables('regulatoryComplianceControlStatesLength'))]\",\"stateMap\":{\"Failed\":\"failed\",\"Passed\":\"passed\",\"Skipped\":\"skipped\",\"Unsupported\":\"unsupported\"},\"triggerMap\":{\"Manual + (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center regulatory + compliance assessment is created or triggered\":\"When_a_Security_Center_Regulatory_Compliance_Assessment_is_created_or_triggered\"},\"doesAllStatesSelected\":\"[if(equals(length(parameters('regulatoryComplianceControlStates')),length(variables('stateMap'))),bool('true'),bool('false'))]\",\"doesAllStandardsSelected\":\"[if(equals(variables('regulatoryComplianceStandardsLength'),0),bool('true'),bool('false'))]\",\"allRegulatoryComplianceRuleSets\":[],\"customStandardsOrCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsOrCustomStateRuleSetsArr\",\"count\":\"[if(not(variables('doesAllStandardsSelected')),variables('regulatoryComplianceStandardsLength'),if(not(variables('doesAllStatesSelected')),variables('regulatoryComplianceControlStatesLength'),1))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(not(variables('doesAllStandardsSelected')),'id',if(not(variables('doesAllStatesSelected')),'properties.state',json('null')))]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],json('null')))]\",\"operator\":\"[if(not(variables('doesAllStandardsSelected')),'Contains',if(not(variables('doesAllStatesSelected')),'Equals',json('null')))]\"}]}}]},\"customStandardsAndCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsAndCustomStateRuleSetsArr\",\"count\":\"[if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),mul(variables('regulatoryComplianceStandardsLength'),variables('regulatoryComplianceControlStatesLength')),1)]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[mod(div(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength')), variables('regulatoryComplianceStandardsLength'))],json('null'))]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.state\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[mod(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength'))],json('null'))]\",\"operator\":\"Equals\"}]}}]},\"sourceRuleSets\":\"[if(and(variables('doesAllStandardsSelected'),variables('doesAllStatesSelected')),variables('allRegulatoryComplianceRuleSets'),if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),variables('customStandardsAndCustomStateRuleSets').customStandardsAndCustomStateRuleSetsArr,variables('customStandardsOrCustomStateRuleSets').customStandardsOrCustomStateRuleSetsArr))]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', + parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"[parameters('automationName')]\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Workflow + Automation for Azure Security Center recommendations via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":[{\"eventSource\":\"RegulatoryComplianceAssessment\",\"ruleSets\":\"[variables('sourceRuleSets')]\"}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"regulatoryComplianceStandards\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\"},\"regulatoryComplianceControlStates\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/509122b9-ddd9-47ba-a5f1-d0dac20be63c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"509122b9-ddd9-47ba-a5f1-d0dac20be63c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1566 - System Development Life Cycle\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"},{\"properties\":{\"displayName\":\"A @@ -12377,7 +18573,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50fc602d-d8e0-444b-a039-ad138ee5deb0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1386 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Bot + Service should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Bot Service automatically encrypts your resource to protect your data and + meet organizational security and compliance commitments. By default, Microsoft-managed + encryption keys are used. For greater flexibility in managing keys or controlling + access to your subscription, select customer-managed keys, also known as bring + your own key (BYOK). Learn more about Azure Bot Service encryption: https://docs.microsoft.com/azure/bot-service/bot-service-encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/isCmekEnabled\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"51522a96-0869-4791-82f3-981000c2c67f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"518cb545-bfa8-43f8-a108-3b7d5037469a\"},{\"properties\":{\"displayName\":\"Azure @@ -12385,7 +18589,13 @@ interactions: Defender for Kubernetes provides real-time threat protection for containerized environments and generates alerts for suspicious activities.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Synapse + workspaces should be configured with 90 days auditing retention or higher.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"For + incident investigation purposes, we recommend setting the data retention for + your Synapse workspace' audit to at least 90 days. Confirm that you're meeting + the necessary retention rules for the regions in which you're operating. This + is sometimes required for compliance with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"529ea018-6afc-4ed4-95bd-7c9ee47b00bc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1642 - Network Disconnect\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53397227-5ee3-4b23-9e5e-c8a767ce6928\"},{\"properties\":{\"displayName\":\"Connection @@ -12394,12 +18604,14 @@ interactions: throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"connection_throttling\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"},{\"properties\":{\"displayName\":\"Azure - SignalR Service should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure SignalR Service resources that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft + SignalR Service should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your SignalR resources + instead of the entire service, you'll also be protected against data leakage + risks .Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1467 - Visitor Access Records\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12426,11 +18638,11 @@ interactions: Managed Control 1045 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"},{\"properties\":{\"displayName\":\"[Preview]: - Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The - key vault firewall prevents unauthorized traffic from reaching your key vault + Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Key + vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the - key vault firewall to make sure that only traffic from allowed networks can - access your key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + firewall to make sure that only traffic from allowed networks can access your + key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"field\":\"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"55615ac9-af46-4a59-874e-391cc3dfb490\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1523 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -12440,10 +18652,24 @@ interactions: Capacity\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"562afd61-56be-4313-8fe4-b9564aa4ba7d\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Application Gateway. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Microsoft + Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Azure + Automation accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Automation + Accounts. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/automation-cmk.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.Keyvault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56a5ee18-2ae6-4810-86f7-18e39ce5629b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -12460,18 +18686,21 @@ interactions: Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Audit - Windows web servers that are not using secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the registry key - HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols - includes protocols less secure than what is selected in the policy parameter.\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Windows + web servers should be configured to use secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"MinimumTLSVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Minimum TLS version\",\"description\":\"The minimum TLS protocol version that should be enabled. Windows web servers with lower TLS versions will be marked as - non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', + non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5752e6d6-1206-46d8-8ab1-ecc2f71a8112\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1162 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -12493,7 +18722,15 @@ interactions: of critical processes.\"},\"allowedValues\":[\"No Auditing\",\"Success\",\"Failure\",\"Success and Failure\"],\"defaultValue\":\"No Auditing\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Audit - Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"Microsoft + Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"CosmosDB + accounts should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your CosmosDB account, data + leakage risks are reduced. Learn more about private links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58440f8a-10c5-4151-bdce-dfbaad4a20b7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58440f8a-10c5-4151-bdce-dfbaad4a20b7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1584 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5864522b-ff1d-4979-a9f8-58bee1fb174c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12592,12 +18829,13 @@ interactions: Managed Control 1433 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"},{\"properties\":{\"displayName\":\"Container - registries should be encrypted with a customer-managed key (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - or deny container registries that do not have encryption enabled with customer-managed - keys (CMK). Azure automatically encrypts registry contents at rest with service-managed - keys. You can supplement default encryption with an additional encryption - layer using a key that you create and manage in Azure Key Vault. For more - information on CMK encryption, please visit: https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Container + registries should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.2\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/encryption.status\",\"notEquals\":\"enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\"},{\"properties\":{\"displayName\":\"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client @@ -12643,16 +18881,16 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Audit - Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Log + Analytics agent should be enabled in virtual machine scale sets for listed + virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1671 - Flaw Remediation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5bbef7-a316-415b-9b38-29753ce8e698\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12661,9 +18899,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"},{\"properties\":{\"displayName\":\"External accounts with write permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with write privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1483 - Water Damage Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12731,27 +18969,67 @@ interactions: '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"},{\"properties\":{\"displayName\":\"[Preview]: Private endpoint should be configured for Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - link provides a way to connect key vault to your Azure resources without sending + link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection - against data exfiltration.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + against data exfiltration.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Vulnerabilities + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Azure + Machine Learning workspaces should use user-assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manange + access to Azure ML workspace and associated resources, Azure Container Registry, + KeyVault, Storage, and App Insights using user-assigned managed identity. + By default, system-assigned managed identity is used by Azure ML workspace + to access the associated resources. User-assigned managed identity allows + you to create the identity as an Azure resource and maintain the life cycle + of that identity. Learn more at https://docs.microsoft.com/azure/machine-learning/how-to-use-managed-identities?tabs=python.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"exists\":false},{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0c7d88-c7de-45b8-ac49-db49e72eaa78\"},{\"properties\":{\"displayName\":\"Vulnerabilities in Azure Container Registry images should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Container image vulnerability assessment scans your registry for security vulnerabilities on each pushed container image and exposes detailed findings for each image (powered by Qualys). Resolving the vulnerabilities can greatly improve your - containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"equals\":\"Healthy\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f18c885-ade3-48c5-80b1-8f9216019c18\"},{\"properties\":{\"displayName\":\"External accounts with read permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with read privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityLinuxAgent\":\"[concat('deployAzureSecurityLinuxAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityLinuxAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityLinuxAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityLinuxAgent\",\"typeHandlerVersion\":\"2.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f8eb305-9c9f-4abe-9bb0-df220d9faba2\"},{\"properties\":{\"displayName\":\"[Deprecated]: Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits Windows virtual machines hosted in Azure that are supported @@ -12868,7 +19146,25 @@ interactions: toLower('microsoft.hybridcompute/machines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), - '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Service + '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Configure + private endpoints for App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints let you connect your virtual network to Azure services without a + public IP address at the source or destination. By mapping private endpoints + to your app configuration instances, data leakage risks are reduced. Learn + more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"configurationStores\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/614ffa75-862c-456e-ad8b-eaa1b0844b07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"614ffa75-862c-456e-ad8b-eaa1b0844b07\"},{\"properties\":{\"displayName\":\"Bot + Service endpoint should be a valid HTTPS URI\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission. Protocols exist that provide encryption + to address problems of misuse and tampering. To ensure your bots are communicating + only over encrypted channels, set the endpoint to a valid HTTPS URI. This + ensures the HTTPS protocol is used to encrypt your data in transit and is + also often a requirement for compliance with regulatory or industry standards. + Please visit: https://docs.microsoft.com/azure/bot-service/bot-builder-security-guidelines.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/endpoint\",\"notLike\":\"https://*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6164527b-e1ee-4882-8673-572f425f5e0a\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the @@ -12912,7 +19208,15 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"WorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Connected workspace IDs\",\"description\":\"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"}}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', - '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Microsoft + '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Modify + Azure SignalR Service resources to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"Audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"value\":\"Deny\"},{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"value\":[]}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62a3ae95-8169-403e-a2d2-b82141448092\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62a3ae95-8169-403e-a2d2-b82141448092\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62b638c5-29d7-404b-8d93-f21e4b1ce198\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12933,12 +19237,13 @@ interactions: if it can't establish a connection.\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsRemoteConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', - '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Audit - Linux machines that are not using SSH key for authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if Non-compliant if - the machine allows passwords for authenticating through SSH\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Authentication + to Linux machines should require SSH keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Although + SSH itself provides an encrypted connection, using passwords with SSH still + leaves the VM vulnerable to brute-force attacks. The most secure option for + authenticating to an Azure Linux virtual machine over SSH is with a public-private + key pair, also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxNoPasswordForSSH\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630c64f9-8b6b-4c64-b511-6544ceff6fd6\"},{\"properties\":{\"displayName\":\"Microsoft @@ -12976,7 +19281,15 @@ interactions: Allowed to format and eject removable media;ExpectedValue\",\"value\":\"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure HDInsight + clusters. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/hdi.cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.keyName\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/64d314f6-6062-4780-a861-c23e8951bee5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"64d314f6-6062-4780-a861-c23e8951bee5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13017,12 +19330,14 @@ interactions: Managed Control 1319 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"66f7ae57-5560-4fc5-85c9-659f204e7a42\"},{\"properties\":{\"displayName\":\"Cognitive - Services accounts should enable data encryption with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed - keys provide enhanced data protection by allowing you to manage your encryption - keys for data stored in Cognitive Services. This is often required to meet - compliance requirements.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cognitive + Services accounts should enable data encryption with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed keys at https://go.microsoft.com/fwlink/?linkid=2121321.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*]\",\"where\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*].name\",\"equals\":\"CustomerManagedKey\"}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67de62b4-a737-4781-8861-3baed3c35069\"},{\"properties\":{\"displayName\":\"Windows @@ -13050,7 +19365,17 @@ interactions: insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), - ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"Microsoft + ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked service resource type should be in allow list\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Define + the allow list of Azure Data Factory linked service types. Restricting allowed + resource types enables control over the boundary of data movement. For example, + restrict a scope to only allow blob storage with Data Lake Storage Gen1 and + Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time + queries.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"allowedLinkedServiceResourceTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed linked service resource types\",\"description\":\"The list of allowed + linked service resource types.\"},\"allowedValues\":[\"AdlsGen2CosmosStructuredStream\",\"AdobeExperiencePlatform\",\"AdobeIntegration\",\"AmazonRedshift\",\"AmazonS3\",\"AzureBlobFS\",\"AzureBlobStorage\",\"AzureDataExplorer\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureDataShare\",\"AzureFileStorage\",\"AzureKeyVault\",\"AzureMariaDB\",\"AzureMySql\",\"AzurePostgreSql\",\"AzureSearch\",\"AzureSqlDatabase\",\"AzureSqlDW\",\"AzureSqlMI\",\"AzureTableStorage\",\"Cassandra\",\"CommonDataServiceForApps\",\"CosmosDb\",\"CosmosDbMongoDbApi\",\"Db2\",\"DynamicsCrm\",\"FileServer\",\"FtpServer\",\"GitHub\",\"GoogleCloudStorage\",\"Hdfs\",\"Hive\",\"HttpServer\",\"Informix\",\"Kusto\",\"MicrosoftAccess\",\"MySql\",\"Netezza\",\"Odata\",\"Odbc\",\"Office365\",\"Oracle\",\"PostgreSql\",\"Salesforce\",\"SalesforceServiceCloud\",\"SapBw\",\"SapHana\",\"SapOpenHub\",\"SapTable\",\"Sftp\",\"SharePointOnlineList\",\"Snowflake\",\"SqlServer\",\"Sybase\",\"Teradata\",\"HDInsightOnDemand\",\"HDInsight\",\"AzureDataLakeAnalytics\",\"AzureBatch\",\"AzureFunction\",\"AzureML\",\"AzureMLService\",\"MongoDb\",\"GoogleBigQuery\",\"Impala\",\"ServiceNow\",\"Dynamics\",\"AzureDatabricks\",\"AmazonMWS\",\"SapCloudForCustomer\",\"SapEcc\",\"Web\",\"MongoDbAtlas\",\"HBase\",\"Spark\",\"Phoenix\",\"PayPal\",\"Marketo\",\"Responsys\",\"SalesforceMarketingCloud\",\"Presto\",\"Square\",\"Xero\",\"Jira\",\"Magento\",\"Shopify\",\"Concur\",\"Hubspot\",\"Zoho\",\"Eloqua\",\"QuickBooks\",\"Couchbase\",\"Drill\",\"Greenplum\",\"MariaDB\",\"Vertica\",\"MongoDbV2\",\"OracleServiceCloud\",\"GoogleAdWords\",\"RestService\",\"DynamicsAX\",\"AzureDataCatalog\",\"AzureDatabricksDeltaLake\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"notIn\":\"[parameters('allowedLinkedServiceResourceTypes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6809a3d0-d354-42fb-b955-783d207c62a8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13169,9 +19494,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"},{\"properties\":{\"displayName\":\"Deprecated accounts should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are - accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Service Bus to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when any Service Bus which is missing this diagnostic settings is created @@ -13192,16 +19517,51 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationalLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1031 - Separation Of Duties\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Not - allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This - policy enables you to specify the resource types that your organization cannot - deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Vulnerabilities + on your SQL servers on machine should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + Vulnerability Assessment scans your database for security vulnerabilities, + and exposes any deviations from best practices such as misconfigurations, + excessive permissions, and unprotected sensitive data. Resolving the vulnerabilities + found can greatly improve your database security posture.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f97aa83c-9b63-4f9a-99f6-b22c4398f936\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\"},{\"properties\":{\"displayName\":\"Not + allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict + which resource types can be deployed in your environment. Limiting resource + types can reduce the complexity and attack surface of your environment while + also helping to manage costs. Compliance results are only shown for non-compliant + resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of resource types that cannot be deployed.\",\"displayName\":\"Not allowed - resource types\",\"strongType\":\"resourceTypes\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft + resource types\",\"strongType\":\"resourceTypes\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},{\"value\":\"[field('type')]\",\"exists\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Kubernetes Service to stream resource logs + to a Log Analytics workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKubernetesDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Azure Kubernetes Service should be connected to\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AllMetrics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-apiserver\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-apiserver + - Enabled\",\"description\":\"Whether to stream kube-apiserver logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit + - Enabled\",\"description\":\"Whether to stream kube-audit logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-controller-manager\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-controller-manager + - Enabled\",\"description\":\"Whether to stream kube-controller-manager logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-scheduler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-scheduler + - Enabled\",\"description\":\"Whether to stream kube-scheduler logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"cluster-autoscaler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"cluster-autoscaler + - Enabled\",\"description\":\"Whether to stream cluster-autoscaler logs to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit-admin\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit-admin + - Enabled\",\"description\":\"Whether to stream kube-audit-admin logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"guard\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"guard + - Enabled\",\"description\":\"Whether to stream guard logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AllMetrics\":{\"type\":\"string\"},\"kube-apiserver\":{\"type\":\"string\"},\"kube-audit\":{\"type\":\"string\"},\"kube-controller-manager\":{\"type\":\"string\"},\"kube-scheduler\":{\"type\":\"string\"},\"cluster-autoscaler\":{\"type\":\"string\"},\"kube-audit-admin\":{\"type\":\"string\"},\"guard\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.ContainerService/managedClusters/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetrics')]\"}],\"logs\":[{\"category\":\"kube-apiserver\",\"enabled\":\"[parameters('kube-apiserver')]\"},{\"category\":\"kube-audit\",\"enabled\":\"[parameters('kube-audit')]\"},{\"category\":\"kube-controller-manager\",\"enabled\":\"[parameters('kube-controller-manager')]\"},{\"category\":\"kube-scheduler\",\"enabled\":\"[parameters('kube-scheduler')]\"},{\"category\":\"cluster-autoscaler\",\"enabled\":\"[parameters('cluster-autoscaler')]\"},{\"category\":\"kube-audit-admin\",\"enabled\":\"[parameters('kube-audit-admin')]\"},{\"category\":\"guard\",\"enabled\":\"[parameters('guard')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"guard\":{\"value\":\"[parameters('guard')]\"},\"AllMetrics\":{\"value\":\"[parameters('AllMetrics')]\"},\"kube-apiserver\":{\"value\":\"[parameters('kube-apiserver')]\"},\"kube-audit\":{\"value\":\"[parameters('kube-audit')]\"},\"kube-scheduler\":{\"value\":\"[parameters('kube-scheduler')]\"},\"kube-controller-manager\":{\"value\":\"[parameters('kube-controller-manager')]\"},\"cluster-autoscaler\":{\"value\":\"[parameters('cluster-autoscaler')]\"},\"kube-audit-admin\":{\"value\":\"[parameters('kube-audit-admin')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c66c325-74c8-42fd-a286-a74b0e2939d8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13230,17 +19590,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dab4254-c30d-4bb7-ae99-1d21586c063c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1651 - Mobile Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Enable + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts with private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. You + need private DNS zone properly configured to connect to Azure Automation account + via Azure Private Link. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint group id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"automationAccounts-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dd01e4f-1be1-4e80-9d0b-d109e04cb064\"},{\"properties\":{\"displayName\":\"Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace.\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using ASC default workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6df2fee6-a9ed-4fef-bced-e13be1b25f1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6df2fee6-a9ed-4fef-bced-e13be1b25f1c\"},{\"properties\":{\"displayName\":\"Email - notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - emailing security alerts to the security contact, in order to have them receive - security alert emails from Microsoft. This ensures that the right people are - aware of any potential security issues and are able to mitigate the risks\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + notification for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure the relevant people in your organization are notified when there is + a potential security breach in one of your subscriptions, enable email notifications + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertNotifications\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e2593d9-add6-4083-9c9b-4b7d2188c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1586 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -13254,20 +19623,58 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"},{\"properties\":{\"displayName\":\"Storage account should use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private links enforce secure communication, by providing private connectivity to the - storage account\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft + storage account\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1460 - Access Control For Output Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1320 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Storage - account should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure - your storage account with greater flexibility using customer-managed keys - (CMKs). When you specify a CMK, that key is used to protect and control access - to the key that encrypts your data. Using CMKs provides additional capabilities - to control rotation of the key encryption key or cryptographically erase data.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for storage accounts to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for storage accounts to stream resource logs to a + Log Analytics workspace when any storage account which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"category\":\"Storage\",\"version\":\"1.1.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"storageAccountsDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the storage account should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"StorageDelete\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageDelete + - Enabled\",\"description\":\"Whether to stream StorageDelete logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageWrite\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageWrite + - Enabled\",\"description\":\"Whether to stream StorageWrite logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageRead\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageRead + - Enabled\",\"description\":\"Whether to stream StorageRead logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Transaction\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Transaction + - Enabled\",\"description\":\"Whether to stream Transaction logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Transaction\":{\"type\":\"string\"},\"StorageRead\":{\"type\":\"string\"},\"StorageWrite\":{\"type\":\"string\"},\"StorageDelete\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.storage/storageAccounts/blobServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/fileServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/tableServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/queueServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"Transaction\":{\"value\":\"[parameters('Transaction')]\"},\"StorageDelete\":{\"value\":\"[parameters('StorageDelete')]\"},\"StorageWrite\":{\"value\":\"[parameters('StorageWrite')]\"},\"StorageRead\":{\"value\":\"[parameters('StorageRead')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f8f98a4-f108-47cb-8e98-91a0d85cd474\"},{\"properties\":{\"displayName\":\"Storage + accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Workbooks + should be saved to storage accounts that you control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + bring your own storage (BYOS), your workbooks are uploaded into a storage + account that you control. That means you control the encryption-at-rest policy, + the lifetime management policy, and network access. You will, however, be + responsible for the costs associated with that storage account. For more information, + visit https://aka.ms/workbooksByos\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Audit, + Deny, or Disable the execution of this policy\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"microsoft.insights/workbooks\"},{\"field\":\"microsoft.insights/workbooks/storageUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fc8115b-2008-441f-8c61-9b722c1e537f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fc8115b-2008-441f-8c61-9b722c1e537f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/topics/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"topic\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -13284,14 +19691,22 @@ interactions: or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"[Deprecated]: + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"OS + and data disks should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your managed disks. By default, the data is encrypted at rest with platform-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"value\":\"[length(field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"true\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]'))]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"anyOf\":[{\"count\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]\",\"where\":{\"value\":\"[length(current('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"exists\":\"true\"}}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"702dd420-7fcc-42c5-afe8-4026edd20fe0\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. @@ -13482,13 +19897,13 @@ interactions: or to include additional functionality. Using the latest Python version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this - policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7238174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws @@ -13499,7 +19914,15 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Preview]: + Windows machines should meet requirements of the Azure Security Center baseline\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires + that prerequisites are deployed to the policy assignment scope. For details, + visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not + configured correctly for one of the recommendations in the Azure Security + Center baseline.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureWindowsBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Include Arc connected servers\",\"description\":\"By selecting this option, + you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureWindowsBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -13526,7 +19949,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"726aca4c-86e9-4b04-b0c5-073027359532\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoints can be configured to connect privately to an Azure Synapse workspace. - This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"count\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72d11df1-dd8a-41f7-8925-b05b960ebafc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72d11df1-dd8a-41f7-8925-b05b960ebafc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1524 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13537,7 +19960,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"731856d8-1598-4b75-92de-7d46235747c0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Configure + App Configuration to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for App Configuration so that it isn't accessible over + the public internet. This configuration helps protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73290fa2-dfa7-4bbb-945d-a5e23b75df2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73290fa2-dfa7-4bbb-945d-a5e23b75df2c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1456 - Physical Access Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"},{\"properties\":{\"displayName\":\"Deploy @@ -13546,7 +19977,7 @@ interactions: workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation - task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow automation is created. If you enter a name for a resource group that doesn't @@ -13556,8 +19987,7 @@ interactions: IDs\",\"description\":\"For all recommendations, leave empty. For specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/en-us/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"recommendationStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation states\",\"description\":\"Determines recommendation states. Recommendations @@ -13566,13 +19996,14 @@ interactions: detects it as healthy. A recommendation is not-applicable if, for example, it was disabled in the Security Policy. Example: Healthy;Unhealthy;Not Applicable;\"},\"allowedValues\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"],\"defaultValue\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Recommendation is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Recommendation is - created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(if(equals(length(parameters('recommendationNames')),0),array('Microsoft.Security/assessments'),parameters('recommendationNames')),parameters('recommendationSeverities'),if(contains(parameters('recommendationStates'),'Not + Applicable'),union(parameters('recommendationStates'), array('notapplicable')),parameters('recommendationStates')))]\"},{\"count\":{\"value\":\"[parameters('recommendationSeverities')]\",\"name\":\"recommendationSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.metadata.severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationSeverity')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationSeverities'))]\"},{\"count\":{\"value\":\"[parameters('recommendationStates')]\",\"name\":\"recommendationState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.status.code\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[replace(current('recommendationState'), + ' ','')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationSeverities')))]\"}},\"equals\":\"[length(parameters('recommendationStates'))]\"},{\"count\":{\"value\":\"[parameters('recommendationNames')]\",\"name\":\"recommendationName\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"name\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationName')]\"}]}},\"equals\":\"[mul(length(parameters('recommendationSeverities')),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationNames'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"recommendationStatesLength\":\"[length(parameters('recommendationStates'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"recommendationStatesLengthIfEmpty\":\"[if(equals(variables('recommendationStatesLength'), @@ -13589,15 +20020,25 @@ interactions: variables('totalRuleCombinationsForOneRecommendationName')), variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationSeverity')), variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"},{\"propertyJPath\":\"properties.status.code\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('stateMap')[parameters('recommendationStates')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationState')), variables('recommendationStatesLength'))]]]\",\"operator\":\"Contains\"}]}}]}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), - '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"Microsoft + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"API + Management service should use a SKU that supports virtual networks\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of API Management, deploying service into a virtual network + unlocks advanced API Management networking and security features which provides + you greater control over your network security configuration. Learn more at: + https://aka.ms/apimvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + list of SKUs that can be specified for Azure API Management service.\",\"displayName\":\"Allowed + SKUs\"},\"allowedValues\":[\"Developer\",\"Basic\",\"Standard\",\"Premium\",\"Isolated\",\"Consumption\"],\"defaultValue\":[\"Developer\",\"Premium\",\"Isolated\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ApiManagement/service\"},{\"not\":{\"field\":\"Microsoft.ApiManagement/service/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73ef9241-5d81-4cd4-b483-8443d1730fe5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1581 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"},{\"properties\":{\"displayName\":\"Allowed storage account SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of storage account SKUs that your organization - can deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + can deploy.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of SKUs that can be specified for storage accounts.\",\"displayName\":\"Allowed - SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft + SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"},{\"properties\":{\"displayName\":\"Ensure @@ -13606,14 +20047,19 @@ interactions: or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Microsoft + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Batch accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access on a Batch account improves security by ensuring your + Batch account can only be accessed from a private endpoint. Learn more about + disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c5a0ae-5e48-4738-b093-65e23a060488\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -13629,7 +20075,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75603f96-80a1-4757-991d-5a1221765ddd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Private + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Configure + Azure Migrate resources to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Migrate + project. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Migrate\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"Default\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/assessmentProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/migrateProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.OffAzure/masterSites\"}]}]}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"default-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7590a335-57cf-4c95-babd-ecbc8fafeb1f\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MySQL. Configure a private endpoint connection to enable @@ -13638,12 +20092,12 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7595c971-233d-4bcf-bd18-596129188c49\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"Vulnerabilities - should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without - a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy + a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy Dependency agent for Linux virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale @@ -13656,7 +20110,8 @@ interactions: extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure SQL Database should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity - to Azure SQL Database.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft + to Azure SQL Database.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13678,7 +20133,12 @@ interactions: policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"Virtual + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory should use a Git repository for source control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + source control on data factories, to gain capabilities such as change tracking, + collaboration, continuous integration, and deployment.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"exists\":\"false\"},{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77d40665-3120-4348-b539-3192ec808307\"},{\"properties\":{\"displayName\":\"Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet @@ -13688,7 +20148,13 @@ interactions: Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"AuditIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"equals\":\"[parameters('subnetId')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77e8b146-0078-4fb2-b002-e112381199f0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your Azure Cache for Redis instances, data leakage risks are reduced. Learn + more at: https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Cache/redis/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Cache/redis/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7803067c-7d34-46e3-8c79-0ca68fc4036d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1258 - Contingency Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7814506c-382c-4d33-a142-249dd4a0dbff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13701,7 +20167,16 @@ interactions: Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + Azure Machine Learning workspace, you can reduce data leakage risks. Learn + more about private links at: https://docs.microsoft.com/azure/machine-learning/how-to-configure-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"amlworkspace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7838fd83-5cbb-4b5d-888c-bfa240972597\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7838fd83-5cbb-4b5d-888c-bfa240972597\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1010 - Account Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"784663a8-1eb0-418a-a98c-24d19bc1bb62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13714,7 +20189,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1647 - Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Azure + Cosmos DB should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your CosmosDB account + isn't exposed on the public internet. Creating private endpoints can limit + exposure of your CosmosDB account. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"797b37f7-06b8-444c-b1ad-fc62867f335a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1510 - Position Risk Designation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"79da5b09-0e7e-499e-adda-141b069c7998\"},{\"properties\":{\"displayName\":\"Microsoft @@ -13753,7 +20234,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1289 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Configure + private DNS zones for private endpoints connected to App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve app configuration + instances. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"configurationStores\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-azconfig-io\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a860e27-9ca2-4fc6-822d-c2d248c300df\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1687 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"},{\"properties\":{\"displayName\":\"Allow @@ -13767,16 +20257,22 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ac22808-a2e8-41c4-9d46-429b50738914\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1492 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Azure + Attestation providers should use private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints provide a way to connect Azure Attestation providers to your Azure + resources without sending traffic over the public internet. By preventing + public access, private endpoints help protect against undesired anonymous + access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Attestation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Attestation/attestationProviders\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b256a2d-058b-41f8-bed9-3f870541c40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b256a2d-058b-41f8-bed9-3f870541c40a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Resource logs in Virtual Machine Scale Sets should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It is recommended to enable Logs so that activity trail can be recreated when - investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"includeAKSClusters\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include - AKS Clusters\",\"description\":\"Whether to include AKS Clusters to Diagnostic + AKS Clusters\",\"description\":\"Whether to include AKS Clusters to resource logs extension - True or False\"},\"defaultValue\":false}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":true}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":false},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notEquals\":\"microsoft-aks\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notEquals\":\"aks\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"aks*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"IaaSDiagnostics\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Diagnostics\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"LinuxDiagnostic\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"in\":[\"Microsoft.OSTCExtensions\",\"Microsoft.Azure.Diagnostics\"]}]}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7c1b1214-f927-48bf-8882-84f0af6588b1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require blob encryption for storage accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures blob encryption for storage accounts is turned on. It only @@ -13793,9 +20289,12 @@ interactions: implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"},{\"properties\":{\"displayName\":\"Azure Cache for Redis should reside within a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure - Cache for Redis has the ability to reside within a virtual network, which - is a way for the resource to have a non-public endpoint controlled and managed - by the user.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},{\"field\":\"Microsoft.Cache/Redis/subnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d092e0a-7acd-40d2-a975-dca21cae48c4\"},{\"properties\":{\"displayName\":\"Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encrypting @@ -13804,7 +20303,15 @@ interactions: and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Microsoft + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Service + Bus namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d890f7f-100c-473d-baa1-2777e2266535\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d890f7f-100c-473d-baa1-2777e2266535\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -13831,7 +20338,18 @@ interactions: auditing Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure SQL Database server to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure SQL Database server to stream resource logs + to a Log Analytics workspace when any SQL Server which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"logAnalyticsWorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the server should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"logAnalyticsWorkspaceId\":{\"type\":\"string\"}},\"variables\":{\"diagnosticSettingsName\":\"SQLSecurityAuditEvents_3d229c42-c7e7-4c97-9a99-ec0d0d8b86c1\"},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"name\":\"[concat(parameters('serverName'),'/master/microsoft.insights/',variables('diagnosticSettingsName'))]\",\"apiVersion\":\"2017-05-01-preview\",\"properties\":{\"name\":\"[variables('diagnosticSettingsName')]\",\"workspaceId\":\"[parameters('logAnalyticsWorkspaceId')]\",\"logs\":[{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":true,\"retentionPolicy\":{\"days\":0,\"enabled\":false}}]}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"dependsOn\":[\"[concat('Microsoft.Sql/servers/', + parameters('serverName'),'/databases/master/providers/microsoft.insights/diagnosticSettings/', + variables('diagnosticSettingsName'))]\"],\"properties\":{\"state\":\"Enabled\",\"isAzureMonitorTargetEnabled\":true}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"logAnalyticsWorkspaceId\":{\"value\":\"[parameters('logAnalyticsWorkspaceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ea8a143-05e3-4553-abfe-f56bef8b0b70\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ea8a143-05e3-4553-abfe-f56bef8b0b70\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14177,28 +20695,27 @@ interactions: subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]\"}}],\"outputs\":{\"status\":{\"type\":\"string\",\"value\":\"[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', - variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Diagnostic + variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Resource logs in Event Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Event + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Event Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network interfaces should not have public IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\"notLike\":\"*\"}}]},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a86a26-fd1f-447c-b59d-e51f44264114\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - MySQL database servers enables implementing a separation of duties in the - management of keys and data. When you configure a customer-managed key, the - key is used to protect and control access to the key that encrypts your data. - You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83cef61d-dbd1-4b20-a4fc-5fbc7da10833\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1382 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14358,7 +20875,21 @@ interactions: Managed Control 1348 - Identification And Authentication (Non-Org. Users) | Acceptance Of Third-Party Credentials\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your IoT Hub device provisioning instance so that + it's not accessible over the public internet. This can reduce data leakage + risks. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/859dfc91-ea35-43a6-8256-31271c363794\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"859dfc91-ea35-43a6-8256-31271c363794\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory integration runtime should have a limit for number of cores\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + manage your resources and costs, limit the number of cores for an integration + runtime.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"maxCores\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed max number of cores\",\"description\":\"The max number of cores allowed + for dataflow.\"},\"defaultValue\":32}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"greater\":\"[parameters('maxCores')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/85bb39b5-2f66-49f8-9306-77da3ac5130f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"85bb39b5-2f66-49f8-9306-77da3ac5130f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -14366,11 +20897,11 @@ interactions: Managed Control 1326 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit - or deny resources that do not have any IP rules configured and allow all networks - by default. Accounts that have at least one IP rule defined with the virtual - network filter enabled are deemed compliant. Accounts disabling public access - are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Firewall + rules should be defined on your Azure Cosmos DB accounts to prevent traffic + from unauthorized sources. Accounts that have at least one IP rule defined + with the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"equals\":\"Enabled\"}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"equals\":\"false\"},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules[*]\"},\"equals\":0}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"equals\":\"\"}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options @@ -14394,9 +20925,9 @@ interactions: '/current')]\",\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\",\"apiVersion\":\"2014-04-01\",\"properties\":{\"status\":\"Enabled\"}}]},\"parameters\":{\"fullDbName\":{\"value\":\"[field('fullName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\"},{\"properties\":{\"displayName\":\"System updates should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Missing security system updates on your servers will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c0f5316d-5ac5-9218-b77a-b96e16ccfd66\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"4ab6e3c5-74dd-8b35-9ab9-f61b30875b27\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -14534,13 +21065,29 @@ interactions: Managed Control 1215 - Least Functionality\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"},{\"properties\":{\"displayName\":\"SQL - servers should be configured with auditing retention days greater than 90 - days.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - SQL servers configured with an auditing retention period of less than 90 days.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + servers should be configured with 90 days auditing retention or higher\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + servers should be configured with 90 days auditing retention or higher.\",\"metadata\":{\"version\":\"2.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89099bee-89e0-4b26-a5f4-165451757743\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid domains to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898e9824-104c-4965-8e0e-5197588fa5d4\"},{\"properties\":{\"displayName\":\"App + Configuration should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"When + using a supported SKU, Azure Private Link lets you connect your virtual network + to Azure services without a public IP address at the source or destination. + The private link platform handles the connectivity between the consumer and + services over the Azure backbone network. By mapping private endpoints to + your app configuration instances instead of the entire service, you'll also + be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/sku.name\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89c8a434-18f0-402c-8147-630a8dea54e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89c8a434-18f0-402c-8147-630a8dea54e0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a29d47b-8604-4667-84ef-90d203fcb305\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -14551,7 +21098,13 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should deploy into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + communication between your containers with Azure Virtual Networks. When you + specify a virtual network, resources within the virtual network can securely + and privately communicate with each other.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"field\":\"Microsoft.ContainerInstance/containerGroups/networkProfile.id\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8af8f826-edcb-4178-b35f-851ea6fea615\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs with a pending reboot\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -14663,7 +21216,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom - workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Microsoft + workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to enable private endpoint connections\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint connection enables private connectivity to your Azure SQL + Database via a private IP address inside a virtual network. This configuration + improves your security posture and supports Azure networking tools and scenarios.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Subnet + to use for Private Endpoints\",\"description\":\"The name of the subnet within + the virtual network that you would like to use for your Private Endpoint Connection + deployment\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].id\",\"exists\":\"false\"}},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/privateEndpointConnections\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"subnetlocation\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"name\":\"[variables('privateEndpointName')]\",\"location\":\"[parameters('subnetlocation')]\",\"properties\":{\"privateLinkServiceConnections\":[{\"name\":\"[parameters('name')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"sqlServer\"],\"privateLinkServiceConnectionState\":{\"status\":\"Approved\",\"description\":\"Auto-approved\",\"actionsRequired\":\"None\"}}}],\"manualPrivateLinkServiceConnections\":[],\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"customDnsConfigs\":[]}}]},\"parameters\":{\"name\":{\"value\":\"[parameters('name')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"subnetlocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e8ca470-d980-4831-99e6-dc70d9f6af87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e8ca470-d980-4831-99e6-dc70d9f6af87\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1517 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8f5ad423-50d6-4617-b058-69908f5586c9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -14886,21 +21447,37 @@ interactions: Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Event + Hub namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91678b7c-d721-4fc5-b179-3cdf74e96b1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91678b7c-d721-4fc5-b179-3cdf74e96b1c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Resource + logs in App Services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + enabling of resource logs on the app. This enables you to recreate activity + trails for investigation purposes if a security incident occurs or your network + is compromised.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91a78b24-f231-4a8a-8da9-02c35b2b6510\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"Deploy + Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Dependency agent to Windows Azure Arc machines if the agent - isn't installed.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\",\"resources\":[{\"type\":\"extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[variables('DaExtensionName')]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[\"[concat('Microsoft.HybridCompute/machines/', - parameters('vmName'))]\"],\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}]}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + isn't installed.\",\"metadata\":{\"version\":\"1.2.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[concat(parameters('vmName'), + '/', variables('DaExtensionName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -14908,9 +21485,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"},{\"properties\":{\"displayName\":\"MFA should be enabled accounts with write permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1290 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -14988,10 +21565,29 @@ interactions: Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault to stream resource logs to a Log + Analytics workspace when any Key Vault which is missing this diagnostic settings + is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKeyVaultDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Key Vault should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AuditEventEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AuditEvent + - Enabled\",\"description\":\"Whether to stream AuditEvent logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AllMetricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AuditEventEnabled\":{\"type\":\"string\"},\"AllMetricsEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('AuditEventEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"AuditEventEnabled\":{\"value\":\"[parameters('AllMetricsEnabled')]\"},\"AllMetricsEnabled\":{\"value\":\"[parameters('AuditEventEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/951af2fa-529b-416e-ab6e-066fd85ac459\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"951af2fa-529b-416e-ab6e-066fd85ac459\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1526 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Authentication + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Automation + accounts should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your Automation + account resources by creating private endpoints instead. Learn more at: https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"955a914f-bf86-4f0e-acd5-e0766b0efcb6\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your web app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they @@ -15058,7 +21654,15 @@ interactions: Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},{\"field\":\"[concat('tags[', parameters('tagName'), ']')]\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f\"],\"operations\":[{\"operation\":\"add\",\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"HPC + Cache accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure HPC Cache with customer-managed keys. By default, + customer data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageCache/caches\"},{\"field\":\"Microsoft.StorageCache/caches/encryptionSettings.keyEncryptionKey.keyUrl\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/970f84d8-71b6-4091-9979-ace7e3fb6dbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"970f84d8-71b6-4091-9979-ace7e3fb6dbb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - MSS (Legacy)'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -15110,11 +21714,13 @@ interactions: Managed Control 1378 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"97fceb70-6983-42d0-9331-18ad8253184d\"},{\"properties\":{\"displayName\":\"Azure - Event Grid domains should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid domains that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid domains should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid domain instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"count\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9830b652-8523-49cc-b1b3-e17dce1127ca\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation only in United States data centers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows @@ -15198,7 +21804,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Azure + Batch account should use customer-managed keys to encrypt data\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Batch account's + data. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/Batch-CMK.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15245,7 +21859,16 @@ interactions: IaaSAntimalware extension should be deployed on Windows servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to IoT + Hub device provisioning service, you can reduce data leakage risks. Learn + more about private links at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/provisioningServices\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"greaterOrEquals\":1},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotDps\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b75ea5b-c796-4c99-aaaf-21c204daac43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b75ea5b-c796-4c99-aaaf-21c204daac43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1236 - Software Usage Restrictions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15262,7 +21885,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c284fc0-268a-4f29-af44-3c126674edb4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1135 - Non-Repudiation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cognitive Search service so that it is + not accessible over the public internet. This can reduce data leakage risks. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9cee519f-d9c1-4fd9-9f79-24ec3449ed30\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1489 - Location Of Information System Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9d0a794f-1444-4c96-9534-e35fc8c39c91\"},{\"properties\":{\"displayName\":\"Ensure @@ -15305,8 +21933,8 @@ interactions: Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your - resources.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application + resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application definition for Managed Application should use customer provided storage account\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use your own storage account to control the application definition data when this is a regulatory or compliance requirement. You can choose to store your managed @@ -15359,7 +21987,17 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Configure + Storage account to use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + storage account, you can reduce data leakage risks. Learn more about private + links at - https://aka.ms/azureprivatelinkoverview\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"The subnetId that private endpoint + connections should link to\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Type of sub-resource for the resource selected + above, that your private endpoint will be able to access\"},\"allowedValues\":[\"blob\",\"blob_secondary\",\"table\",\"table_secondary\",\"queue\",\"queue_secondary\",\"file\",\"web\",\"web_secondary\",\"dfs\",\"dfs_secondary\"],\"defaultValue\":\"blob\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"kind\",\"in\":[\"StorageV2\",\"BlobStorage\",\"BlockBlobStorage\",\"FileStorage\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":\"[array(parameters('targetSubResource'))]\",\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f766f00-8d11-464e-80e1-4091d7874074\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f766f00-8d11-464e-80e1-4091d7874074\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1354 - Incident Response Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9fd92c17-163a-4511-bb96-bbb476449796\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -15370,7 +22008,15 @@ interactions: auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search service should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of Azure Cognitive Search, Azure Private Link lets you connect + your virtual network to Azure services without a public IP address at the + source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your Search service, data leakage risks are reduced. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or Deny the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/sku.name\",\"equals\":\"free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a049bf77-880b-470f-ba6d-9f21c530cf83\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1145 - Security Assessments\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a0724970-9c75-4a64-a225-a28002953f28\"},{\"properties\":{\"displayName\":\"Allowed @@ -15403,7 +22049,16 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces/authorizationRules\"},{\"field\":\"name\",\"notEquals\":\"RootManageSharedAccessKey\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1817ec0-a368-432a-8057-8371e17ac6ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Event Hubs supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Event Hub will use to encrypt data in your namespace. Note that Event + Hub only supports encryption with customer-managed keys for namespaces in + dedicated clusters.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},{\"field\":\"Microsoft.EventHub/namespaces/clusterArmId\",\"exists\":\"true\"},{\"not\":{\"field\":\"Microsoft.EventHub/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -15455,7 +22110,15 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Resource + logs in Azure Key Vault Managed HSM should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + recreate activity trails for investigation purposes when a security incident + occurs or when your network is compromised, you may want to audit by enabling + resource logs on Managed HSMs. Please follow the instructions here: https://docs.microsoft.com/azure/key-vault/managed-hsm/logging.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2a5b911-5617-447e-a49e-59dbe0e0434b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2c66299-9017-4d95-8040-8bdbf7901d52\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15475,13 +22138,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1238 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Log + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Configure + Container registries to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Container Registry resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at https://aka.ms/acr/portal/public-network and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3701552-92ea-433e-9d17-33b7f1208fc9\"},{\"properties\":{\"displayName\":\"Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Security Center collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux Azure Monitor agent to enable Azure Monitor assignments + on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux Azure Monitor agent to Linux virtual machines hosted in Azure that are + supported by Azure Monitor. Azure Monitor agent collects events from the virtual + machine that can be used to provide recommendations. Target virtual machines + must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorLinuxAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorLinuxAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorLinuxAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4034bc6-ae50-406d-bf76-50f4ee5a7811\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a450eba6-2efc-4a00-846a-5804a93c6b77\"},{\"properties\":{\"displayName\":\"Audit @@ -15504,10 +22180,83 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"d1db3318-01ff-16de-29eb-28b344515626\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4fe33eb-e377-4efb-ab31-0784311bc499\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1617 - Application Partitioning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Auditing + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to CosmosDB account. + Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Dns Zone Id\",\"description\":\"The private DNS zone to deploy in a new private + DNS zone group and link to the private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Endpoint Group Id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"cosmosDB-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a63cc0bd-cda4-4178-b705-37dc439d3e0f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to an Event Hub to be enabled on Azure Key + Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Event Hub when any Azure Key Vault Managed HSM which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy\"},\"eventHubRuleId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Authorization Rule Id\",\"description\":\"The Event Hub authorization + rule Id for Azure Diagnostics. The authorization rule needs to be at Event + Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource + group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization + rule}\",\"strongType\":\"Microsoft.EventHub/Namespaces/AuthorizationRules\",\"assignPermissions\":true}},\"eventHubLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Location\",\"description\":\"The location the Event Hub resides in. Only + Azure Key Vault Managed HSMs in this location will be linked to this Event + Hub.\",\"strongType\":\"location\"},\"defaultValue\":\"\"},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Event + Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Event Hub - + True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"hsmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('hsmName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + diagnostic settings for ', parameters('hsmName'))]\"}}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"hsmName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6d2c800-5230-4a40-bff3-8268b4987d42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6d2c800-5230-4a40-bff3-8268b4987d42\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using HTTPS secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires HTTPS user and key secrets stored in Key + Vault. For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"httpsUserKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + user name Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS user name.\"},\"defaultValue\":\"\"},\"httpsKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + key Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"httpsUser\":{\"type\":\"securestring\"},\"httpsKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"httpsUser\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsUserKeyVaultSecretName')]\"}},\"httpsKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6f560f4-f582-4b67-b123-a37dcd1bf7ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6f560f4-f582-4b67-b123-a37dcd1bf7ea\"},{\"properties\":{\"displayName\":\"Auditing on SQL server should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing on your SQL Server should be enabled to track database activities across all - databases on the server, except Synapse, and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + databases on the server and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"},{\"properties\":{\"displayName\":\"The Log Analytics agent should be installed on virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -15525,9 +22274,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"},{\"properties\":{\"displayName\":\"Azure DDoS Protection Standard should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"DDoS protection standard should be enabled for all virtual networks with a subnet - that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1570 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7fcf38d-bb09-4600-be7d-825046eb162a\"},{\"properties\":{\"displayName\":\"Require @@ -15592,8 +22341,11 @@ interactions: implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a96f743d-a195-420d-983a-08aa06bc441e\"},{\"properties\":{\"displayName\":\"SQL Managed Instances should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Managed - Instances should avoid using GRS storage for backups if data residency rules - require data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Instances should avoid using the default geo-redundant storage for backups, + if data residency rules require data to stay within a specific region. Note: + Azure Policy is not enforced when creating a database using T-SQL. If not + explicitly specified, database with geo-redundant backup storage is created + via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9934fd7-29f2-4e6d-ab3d-607ea38e9079\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9934fd7-29f2-4e6d-ab3d-607ea38e9079\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15616,15 +22368,24 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9eae324-d327-4539-9293-b48e122465f8\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with owner permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy is a duplicate of the respective Managed Identity policies. Please use /providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332 instead.\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"App Service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Microsoft + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning instances to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to an IoT Hub device + provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotDps\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices-provisioning.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1539 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aabb155f-e7a5-4896-a767-e918bfae2ee0\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15666,7 +22427,77 @@ interactions: relevant non-compliant assignment and create a remediation task.\\nRepeat this step when you have one or more new subscriptions you want to monitor with Security Center.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Microsoft + Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Deploy + - Configure disaster recovery on virtual machines by enabling replication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual + machines without disaster recovery configurations are vulnerable to outages + and other disruptions. If the virtual machine does not already have disaster + recovery configured, this would initiate the same by enabling replication + using preset configurations to facilitate business continuity. To learn more + about disaster recovery, visit https://aka.ms/asr-doc.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Compute\"},\"parameters\":{\"sourceRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Source + Region\",\"description\":\"Region in which the virtual machine is originally + deployed\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Region\",\"description\":\"Region to be used to deploy the virtual machine + in case of a natural disaster\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Resource Group\",\"description\":\"Resource group to be used to create the + virtual machine in the target region\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Vault + Resource Group\",\"description\":\"The resource group containing the recovery + services vault used for disaster recovery configurations\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Services Vault\",\"description\":\"ID of the recovery services vault to be + used for disaster recovery configurations\",\"strongType\":\"Microsoft.RecoveryServices/vaults\",\"serviceName\":\"ASR\"}},\"recoveryNetworkId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Virtual Network\",\"description\":\"Existing Recovery Virtual Network ID or + name of the Virtual Network to be created in Target Region\",\"strongType\":\"Microsoft.Network/virtualNetworks\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"targetZone\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Availability Zone\",\"description\":\"Availability zone in the designated + target region to be used by virtual machines during disaster\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"equals\":\"[parameters('sourceRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.vhd.uri\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings\",\"exists\":\"false\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"location\",\"equals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones[*]\",\"notEquals\":\"[parameters('targetZone')]\"}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"value\":\"[length(parameters('targetZone'))]\",\"greater\":0}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"false\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Resources/links\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"ASR-Protect-*\"},{\"field\":\"Microsoft.Resources/links/targetId\",\"contains\":\"/replicationProtectedItems/\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"apiVersion\":{\"type\":\"String\"},\"avSetId\":{\"type\":\"String\"},\"dataDiskIds\":{\"type\":\"object\"},\"osDiskId\":{\"type\":\"String\"},\"ppgId\":{\"type\":\"String\"},\"recoveryNetworkId\":{\"type\":\"String\"},\"recoverySubscriptionId\":{\"type\":\"String\"},\"sourceRegion\":{\"type\":\"String\"},\"sourceResourceGroupName\":{\"type\":\"String\"},\"targetRegion\":{\"type\":\"String\"},\"targetResourceGroupName\":{\"type\":\"String\"},\"targetZone\":{\"type\":\"String\"},\"vaultName\":{\"type\":\"String\"},\"vaultResourceGroupName\":{\"type\":\"String\"},\"vmId\":{\"type\":\"String\"},\"vmZones\":{\"type\":\"Object\"}},\"variables\":{\"avSetApiVersion\":\"2019-03-01\",\"deploymentApiVersion\":\"2017-05-10\",\"vmApiVersion\":\"2019-07-01\",\"ppgApiVersion\":\"2019-12-01\",\"portalLinkPrefix\":\"https://portal.azure.com/#@microsoft.onmicrosoft.com/resource\",\"schemaLink\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"defaultAvSet\":\"defaultAvSet-asr\",\"defaultPPG\":\"defaultPPG-asr\",\"eligibilityResultsDefault\":\"default\",\"protectedItemSuffix\":\"-policy\",\"recoveryAvSetPrefix\":\"RecoveryAvSet-\",\"recoveryPPGPrefix\":\"RecoveryPPG-\",\"avSetType\":\"Microsoft.Compute/availabilitySets\",\"deploymentType\":\"Microsoft.Resources/deployments\",\"networkType\":\"Microsoft.Network/virtualNetworks\",\"ppgType\":\"Microsoft.Compute/proximityPlacementGroups\",\"replicationEligibilityResultsType\":\"Microsoft.RecoveryServices/replicationEligibilityResults\",\"storageType\":\"Microsoft.Storage/storageAccounts\",\"vaultType\":\"Microsoft.RecoveryServices/vaults\",\"avSetTemplateName\":\"[concat(variables('recoveryAvSetPrefix'), + last(split(parameters('vmId'), '/')))]\",\"avSetTemplateName64\":\"[if(greater(length(variables('avSetTemplateName')), + 64), substring(variables('avSetTemplateName'), 0, 64), variables('avSetTemplateName'))]\",\"ppgTemplateName\":\"[concat(variables('recoveryPPGPrefix'), + last(split(parameters('vmId'), '/')))]\",\"ppgTemplateName64\":\"[if(greater(length(variables('ppgTemplateName')), + 64), substring(variables('ppgTemplateName'), 0, 64), variables('ppgTemplateName'))]\",\"replicationProtectedIntentTemplateName\":\"[concat('ASR-', + parameters('sourceResourceGroupName'), '-', last(split(parameters('vmId'), + '/')))]\",\"replicationProtectedIntentTemplateName64\":\"[if(greater(length(variables('replicationProtectedIntentTemplateName')), + 64), substring(variables('replicationProtectedIntentTemplateName'), 0, 64), + variables('replicationProtectedIntentTemplateName'))]\",\"vmDataDiskIds\":\"[array(parameters('dataDiskIds').rawValue)]\",\"vmDiskCount\":\"[add(length(variables('vmDataDiskIds')), + int(1))]\",\"diskIds\":\"[concat(array(parameters('osDiskId')), array(parameters('dataDiskIds').rawValue))]\",\"vaultId\":\"[resourceId(parameters('vaultResourceGroupName'), + variables('vaultType'), parameters('vaultName'))]\",\"eligibilityResultsId\":\"[extensionResourceId(parameters('vmId'), + variables('replicationEligibilityResultsType'), variables('eligibilityResultsDefault'))]\",\"protectedIntentName\":\"[concat(parameters('vaultName'), + '/', guid(resourceGroup().id, last(split(parameters('vmId'), '/'))), variables('protectedItemSuffix'))]\",\"recoveryAvSetName\":\"[if(empty(parameters('avSetId')), + variables('defaultAvSet'), concat(last(split(parameters('avSetId'), '/')), + '-asr'))]\",\"recoveryAvSetId\":\"[if(empty(parameters('avSetId')), '', resourceId(parameters('targetResourceGroupName'), + variables('avSetType'), variables('recoveryAvSetName')))]\",\"recoveryAvType\":\"[if(not(empty(parameters('avSetId'))), + 'AvailabilitySet', if(greater(length(parameters('vmZones').rawValue), 0), + 'AvailabilityZone', 'Single'))]\",\"recoveryAvZone\":\"[if(greater(length(parameters('vmZones').rawValue), + 0), parameters('targetZone'), '')]\",\"recoveryPPGName\":\"[if(empty(parameters('ppgId')), + variables('defaultPPG'), concat(last(split(parameters('ppgId'), '/')), '-asr'))]\",\"recoveryPPGId\":\"[if(empty(parameters('ppgId')), + '', resourceId(parameters('targetResourceGroupName'), variables('ppgType'), + variables('recoveryPPGName')))]\",\"targetResourceGroupId\":\"[concat('/subscriptions/', + parameters('recoverySubscriptionId'), '/resourceGroups/', parameters('targetResourceGroupName'))]\"},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('ppgTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"type\":\"[variables('ppgType')]\",\"name\":\"[variables('recoveryPPGName')]\",\"apiVersion\":\"[variables('ppgApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"properties\":{\"proximityPlacementGroupType\":\"[if(empty(parameters('ppgId')), + 'Standard', reference(parameters('ppgId'), variables('ppgApiVersion')).proximityPlacementGroupType)]\"}}]},\"parameters\":{}}},{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('avSetTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"type\":\"[variables('avSetType')]\",\"sku\":{\"name\":\"[if(empty(parameters('avSetId')), + 'Aligned', reference(parameters('avSetId'), variables('avSetApiVersion'), + 'Full').sku.name)]\"},\"name\":\"[variables('recoveryAvSetName')]\",\"apiVersion\":\"[variables('avSetApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"tags\":{},\"properties\":{\"platformUpdateDomainCount\":\"[if(empty(parameters('avSetId')), + '5', reference(parameters('avSetId'), variables('avSetApiVersion')).platformUpdateDomainCount)]\",\"platformFaultDomainCount\":\"[if(empty(parameters('avSetId')), + '2', reference(parameters('avSetId'), variables('avSetApiVersion')).platformFaultDomainCount)]\",\"proximityPlacementGroup\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"id\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\"}}]},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\"]},{\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('replicationProtectedIntentTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('vaultResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/replicationProtectionIntents\",\"name\":\"[variables('protectedIntentName')]\",\"apiVersion\":\"[parameters('apiVersion')]\",\"properties\":{\"providerSpecificDetails\":{\"instanceType\":\"A2A\",\"fabricObjectId\":\"[parameters('vmId')]\",\"primaryLocation\":\"[parameters('sourceRegion')]\",\"recoveryLocation\":\"[parameters('targetRegion')]\",\"recoverySubscriptionId\":\"[parameters('recoverySubscriptionId')]\",\"recoveryAvailabilityType\":\"[variables('recoveryAvType')]\",\"recoveryAvailabilityZone\":\"[variables('recoveryAvZone')]\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\",\"recoveryAvailabilitySetCustomInput\":\"[if(empty(parameters('avSetId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryAvailabilitySetId\\\"', ':', '\\\"', variables('recoveryAvSetId'), + '\\\"', '}')))]\",\"recoveryProximityPlacementGroupCustomInput\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryProximityPlacementGroupId\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\",\"recoveryVirtualNetworkCustomInput\":\"[if(contains(parameters('recoveryNetworkId'), + '/'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryVirtualNetworkId\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"New\\\",', + '\\\"recoveryVirtualNetworkName\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')))]\",\"vmDisks\":[],\"copy\":[{\"name\":\"vmManagedDisks\",\"count\":\"[variables('vmDiskCount')]\",\"input\":{\"diskId\":\"[if(equals(copyIndex('vmManagedDisks'), + int(0)), reference(parameters('vmId'), variables('vmApiVersion')).storageProfile.osDisk.managedDisk.Id, + variables('vmDataDiskIds')[sub(copyIndex('vmManagedDisks'), int(1))])]\",\"recoveryResourceGroupCustomInput\":{\"resourceType\":\"Existing\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\"}}}]}}}],\"outputs\":{\"vmName\":{\"value\":\"[last(split(parameters('vmId'), + '/'))]\",\"type\":\"string\"},\"availabilitySetUrl\":{\"value\":\"[if(empty(parameters('avSetId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryAvSetId')))]\",\"type\":\"string\"},\"proximityPlacementGroupUrl\":{\"value\":\"[if(empty(parameters('ppgId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryPPGId')))]\",\"type\":\"string\"},\"replicationEligibilityResults\":{\"value\":\"[reference(variables('eligibilityResultsId'), + parameters('apiVersion'))]\",\"type\":\"Object\"}}},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\",\"[variables('avSetTemplateName64')]\"]}],\"outputs\":{}},\"parameters\":{\"apiVersion\":{\"value\":\"2018-07-10\"},\"avSetId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/availabilitySet.id')]\"},\"dataDiskIds\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\"emptyArray\":[]}},\"osDiskId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"},\"ppgId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/proximityPlacementGroup.id')]\"},\"recoveryNetworkId\":{\"value\":\"[parameters('recoveryNetworkId')]\"},\"recoverySubscriptionId\":{\"value\":\"[subscription().subscriptionId]\"},\"sourceRegion\":{\"value\":\"[parameters('sourceRegion')]\"},\"sourceResourceGroupName\":{\"value\":\"[resourcegroup().Name]\"},\"targetRegion\":{\"value\":\"[parameters('targetRegion')]\"},\"targetResourceGroupName\":{\"value\":\"[last(split(parameters('targetResourceGroupId'), + '/'))]\"},\"targetZone\":{\"value\":\"[parameters('targetZone')]\"},\"vaultName\":{\"value\":\"[last(split(parameters('vaultId'), + '/'))]\"},\"vaultResourceGroupName\":{\"value\":\"[last(split(parameters('vaultResourceGroupId'), + '/'))]\"},\"vmId\":{\"value\":\"[field('id')]\"},\"vmZones\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/zones')]\",\"emptyArray\":[]}}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac34a73f-9fa5-4067-9247-a3ecae514468\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac34a73f-9fa5-4067-9247-a3ecae514468\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15676,7 +22507,26 @@ interactions: Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"Configure + Synapse workspaces to have auditing enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure the operations performed against your SQL assets are captured, Synapse + workspaces should have auditing enabled. This is sometimes required for compliance + with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"Integer\",\"metadata\":{\"description\":\"The + value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention + days (optional, 180 days if unspecified)\"},\"defaultValue\":180},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name for storage accounts\",\"description\":\"Auditing writes database + events to an audit log in your Azure Storage account (a storage account will + be created in each region where a Synapse workspace is created that will be + shared by all Synapse workspaces in that region). Important - for proper operation + of Auditing do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"workspaceName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"int\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[parameters('auditRetentionDays')]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), + 0, 3)]\",\"storageName\":\"[tolower(concat('workspaceaudit', variables('locationCode'), + variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('workspaceAuditingStorageAccount-', + uniqueString(variables('locationCode'), deployment().name))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure Synapse workspaces to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('workspaceName'), + '/Default')]\",\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"workspaceName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Tags\",\"deprecated\":true},\"parameters\":{},\"policyRule\":{\"if\":{\"not\":{\"field\":\"tags['environment']\",\"in\":[\"production\",\"dev\",\"test\",\"staging\"]}},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15699,11 +22549,14 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1598 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Virtual - machines should have the Guest Configuration extension\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - machines in Azure that do not have the Guest Configuration extension are Noncompliant. - The extension is required to audit or configure settings inside Azure virtual - machines. For more information about Guest Configuration, see https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Guest + Configuration extension should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure configurations of in-guest settings of your machine, install + the Guest Configuration extension. In-guest settings that the extension monitors + include the configuration of the operating system, application configuration + or presence, and environment settings. Once installed, in-guest policies will + be available such as 'Windows Exploit guard should be enabled'. Learn more + at https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\",\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae89ebca-1c92-4898-ac2c-9f63decb045c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced @@ -15731,9 +22584,9 @@ interactions: against which this policy will be evaluated.\"},\"allowedValues\":[\"Standard\"],\"defaultValue\":[\"Standard\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppPlatform/Spring\"},{\"field\":\"Microsoft.AppPlatform/Spring/sku.tier\",\"in\":\"[parameters('evaluatedSkuNames')]\"},{\"field\":\"Microsoft.AppPlatform/Spring/networkProfile.serviceRuntimeSubnetId\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af35e2a4-ef96-44e7-a9ae-853dd97032c4\"},{\"properties\":{\"displayName\":\"Monitor missing Endpoint Protection in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers without an installed Endpoint Protection agent will be monitored by Azure - Security Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Security Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: Monitor unaudited SQL servers in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced @@ -15757,13 +22610,27 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b07c9b24-729e-4e85-95fc-f224d2d08a80\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1711 - Security Function Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Management + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should be injected into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Injecting + Azure HDInsight clusters in a virtual network unlocks advanced HDInsight networking + and security features and provides you with control over your network security + configuration.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"count\":{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.id\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.subnet\",\"exists\":false}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0ab5b05-1c98-40f7-bb9e-dc568e41b501\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0ab5b05-1c98-40f7-bb9e-dc568e41b501\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints connect to Azure SignalR + Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure SignalR + Service resource. Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"description\":\"Private DNS zone to integrate with private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"defaultValue\":\"privatelink.service.signalr.net\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"signalr\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-service-signalr-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0e86710-7fb7-4a6c-a064-32e9b829509e\"},{\"properties\":{\"displayName\":\"Management ports of virtual machines should be protected with just-in-time network access control\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Possible network Just In Time (JIT) access will be monitored by Azure Security Center - as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1571 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b11c985b-f2cd-4bd7-85f4-b52426edf905\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -15779,8 +22646,10 @@ interactions: implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"},{\"properties\":{\"displayName\":\"SQL Database should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Databases - should avoid using GRS storage for backups if data residency rules require - data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + should avoid using the default geo-redundant storage for backups, if data + residency rules require data to stay within a specific region. Note: Azure + Policy is not enforced when creating a database using T-SQL. If not explicitly + specified, database with geo-redundant backup storage is created via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},{\"field\":\"Microsoft.Sql/servers/databases/edition\",\"notEquals\":\"DataWarehouse\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1091 - Security Awareness Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -15832,7 +22701,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[SecureWebServer]s1;MinimumTLSVersion\",\"value\":\"[parameters('MinimumTLSVersion')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is deployed for the indicated Storage Sync Service resource. + This enables you to address your Storage Sync Service resource from within + the private IP address space of your organization's network, rather than through + the internet-accessible public endpoint. The existence of one or more private + endpoints by themselves does not disable the public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet with private endpoint network policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"afs\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b35dddd9-daf7-423b-8375-5a5b86806d5a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b35dddd9-daf7-423b-8375-5a5b86806d5a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -15840,20 +22717,36 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to a Log Analytics workspace to be enabled + on Azure Key Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Log Analytics workspace when any Azure Key Vault Managed HSM which is missing + this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + to send log to. If this workspace is outside of the scope of the assignment + you must manually grant 'Log Analytics Contributor' permissions (or similar) + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3884c81-31aa-473d-a9bb-9466fe0ec2a0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3884c81-31aa-473d-a9bb-9466fe0ec2a0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3d8d15b-627a-4219-8c96-4d16f788888b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1380 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Resource logs in Search services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1172 - Internal System Connections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b43e946e-a4c8-4b92-8201-4a39331db43c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15890,22 +22783,32 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsShutdown\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: - Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"A - security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter + Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"Azure + Stack Edge devices should use double-encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + secure the data at rest on the device, ensure it's double-encrypted, the access + to data is controlled, and once the device is deactivated, the data is securely + erased off the data disks. Double encryption is the use of two layers of encryption: + BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption + of the hard drives. Learn more in the security overview documentation for + the specific Stack Edge device.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + Stack Edge\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBoxEdge/DataBoxEdgeDevices\"},{\"field\":\"Microsoft.DataboxEdge/DataBoxEdgeDevices/sku.name\",\"notIn\":[\"TEA_1Node\",\"TEA_1Node_UPS\",\"TEA_1Node_Heater\",\"TEA_1Node_UPS_Heater\",\"TEA_4Node_Heater\",\"TEA_4Node_UPS_Heater\",\"TMA\",\"EdgePR_Base\",\"EdgePR_Base_UPS\",\"EdgeMR_Mini\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4ac1030-89c5-4697-8e00-28b5ba6a8811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4ac1030-89c5-4697-8e00-28b5ba6a8811\"},{\"properties\":{\"displayName\":\"[Deprecated]: + A security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter a phone number to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft + compromised resources - This policy is deprecated because phone numbers are + no longer used in any scenario by Azure Security Center\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for PostgreSQL can only be accessed from a private endpoint. This - configuration strictly disables access from any public address space outside - of Azure IP range, and denies all logins that match IP or virtual network-based - firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b52376f7-9612-48a1-81cd-1ffe4b61032c\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should only use Azure Active Directory for client authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit usage of client authentication only via Azure Active Directory in Service @@ -15920,7 +22823,16 @@ interactions: enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts with private endpoints \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + CosmosDB account, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet in the location\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointGroupId\",\"description\":\"A + group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"privateEndpointGroupId\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"String\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"[parameters('privateEndpointGroupId')]\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b609e813-3156-4079-91fa-a8494c1471c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b609e813-3156-4079-91fa-a8494c1471c4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6747bf9-2b97-45b8-b162-3c8becb9937d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -15936,17 +22848,53 @@ interactions: at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you - understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit + understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit if Network Watcher is not enabled for region(s).\",\"strongType\":\"location\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"NetworkWatcher resource group name\",\"description\":\"Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers - are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft + are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1608 - Supply Chain Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1401 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"API + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for SQL Databases to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for SQL Databases to stream resource logs to a Log + Analytics workspace when any SQL Database which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"SQLDatabaseDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select the Log Analytics workspace + from dropdown list\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreRuntimeStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreRuntimeStatistics + logs to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreWaitStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"ErrorsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Errors + - Enabled\",\"description\":\"Whether to stream Errors logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"DatabaseWaitStatistics + - Enabled\",\"description\":\"Whether to stream DatabaseWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"BlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Blocks + - Enabled\",\"description\":\"Whether to stream Blocks logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLInsightsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLInsights + - Enabled\",\"description\":\"Whether to stream SQLInsights logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLSecurityAuditEvents + - Enabled\",\"description\":\"Whether to stream SQLSecurityAuditEvents logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"TimeoutsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Timeouts + - Enabled\",\"description\":\"Whether to stream Timeouts logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AutomaticTuningEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AutomaticTuning + - Enabled\",\"description\":\"Whether to stream AutomaticTuning logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DeadlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Deadlocks + - Enabled\",\"description\":\"Whether to stream Deadlocks logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Basic\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Basic + (metric) - Enabled\",\"description\":\"Whether to stream Basic metrics to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"InstanceAndAppAdvanced\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"InstanceAndAppAdvanced + (metric) - Enabled\",\"description\":\"Whether to stream InstanceAndAppAdvanced + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"WorkloadManagement\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"WorkloadManagement + (metric) - Enabled\",\"description\":\"Whether to stream WorkloadManagement + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"matchInsensitively\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Basic\":{\"type\":\"string\"},\"InstanceAndAppAdvanced\":{\"type\":\"string\"},\"WorkloadManagement\":{\"type\":\"string\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"string\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"string\"},\"ErrorsEnabled\":{\"type\":\"string\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"string\"},\"BlocksEnabled\":{\"type\":\"string\"},\"SQLInsightsEnabled\":{\"type\":\"string\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"string\"},\"TimeoutsEnabled\":{\"type\":\"string\"},\"AutomaticTuningEnabled\":{\"type\":\"string\"},\"DeadlocksEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Basic\",\"enabled\":\"[parameters('Basic')]\"},{\"category\":\"InstanceAndAppAdvanced\",\"enabled\":\"[parameters('InstanceAndAppAdvanced')]\"},{\"category\":\"WorkloadManagement\",\"enabled\":\"[parameters('WorkloadManagement')]\"}],\"logs\":[{\"category\":\"SQLInsights\",\"enabled\":\"[parameters('SQLInsightsEnabled')]\"},{\"category\":\"AutomaticTuning\",\"enabled\":\"[parameters('AutomaticTuningEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},{\"category\":\"Errors\",\"enabled\":\"[parameters('ErrorsEnabled')]\"},{\"category\":\"DatabaseWaitStatistics\",\"enabled\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},{\"category\":\"Timeouts\",\"enabled\":\"[parameters('TimeoutsEnabled')]\"},{\"category\":\"Blocks\",\"enabled\":\"[parameters('BlocksEnabled')]\"},{\"category\":\"Deadlocks\",\"enabled\":\"[parameters('DeadlocksEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"Basic\":{\"value\":\"[parameters('Basic')]\"},\"InstanceAndAppAdvanced\":{\"value\":\"[parameters('InstanceAndAppAdvanced')]\"},\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"WorkloadManagement\":{\"value\":\"[parameters('WorkloadManagement')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},\"QueryStoreWaitStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},\"ErrorsEnabled\":{\"value\":\"[parameters('ErrorsEnabled')]\"},\"DatabaseWaitStatisticsEnabled\":{\"value\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},\"BlocksEnabled\":{\"value\":\"[parameters('BlocksEnabled')]\"},\"SQLInsightsEnabled\":{\"value\":\"[parameters('SQLInsightsEnabled')]\"},\"SQLSecurityAuditEventsEnabled\":{\"value\":\"[parameters('SQLSecurityAuditEventsEnabled')]\"},\"TimeoutsEnabled\":{\"value\":\"[parameters('TimeoutsEnabled')]\"},\"AutomaticTuningEnabled\":{\"value\":\"[parameters('AutomaticTuningEnabled')]\"},\"DeadlocksEnabled\":{\"value\":\"[parameters('DeadlocksEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b79fa14e-238a-4c2d-b376-442ce508fc84\"},{\"properties\":{\"displayName\":\"API App should only be accessible over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App @@ -15970,7 +22918,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;Members\",\"value\":\"[parameters('Members')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Event Hub namespaces, data + leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b8564268-eb4a-4337-89be-a19db070c59d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -16023,17 +22979,27 @@ interactions: category: 'Security Options - Recovery console'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsRecoveryconsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should be encrypted with a customer-managed key - (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have encryption enabled with - customer-managed keys (CMK). Customer-managed keys add an additional layer - of security for workspaces. For more information, visit https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Machine + Machine Learning workspaces should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"not\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/encryption.status\",\"equals\":\"enabled\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba769a63-b8cc-4b2d-abf6-ac33c7204be8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"topic\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"topic-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baf19753-7502-405f-8745-370519b20483\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1726 - Information Handling And Retention\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"},{\"properties\":{\"displayName\":\"Microsoft @@ -16046,9 +23012,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your non-internet-facing virtual machines from potential threats by restricting access with network security groups (NSG). Learn more about controlling traffic - with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -16139,15 +23105,33 @@ interactions: IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be - reviewed by the network security team.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + reviewed by the network security team.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"Container + registries should have SKUs that support Private Links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your container registries + instead of the entire service, data leakage risks are reduced. Learn more + at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"notEquals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\"},{\"properties\":{\"displayName\":\"[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"SQL\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for DNS should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for DNS provides an additional layer of protection for your cloud + resources by continuously monitoring all DNS queries from your Azure resources. + Azure Defender alerts you about suspicious activity at the DNS layer. Learn + more about the capabilities of Azure Defender for DNS at https://aka.ms/defender-for-dns + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Dns\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bdc59948-5574-49b3-bb91-76b7c986428d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bdc59948-5574-49b3-bb91-76b7c986428d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -16179,15 +23163,13 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NumberOfDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Number of days\",\"description\":\"The number of days without restart until the machine is considered non-compliant\"},\"defaultValue\":\"12\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', - '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Audit - Windows machines on which Windows Defender Exploit Guard is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the PowerShell command - Get-MPPreference returns configuration details that does not match expected - values. Windows Defender Exploit Guard helps protect against malware that - uses exploits to infect devices and spread. Exploit Guard protection consists - of a number of mitigations that can be applied to either the operating system - or individual apps.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Windows + Defender Exploit Guard should be enabled on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows + Defender Exploit Guard uses the Azure Policy Guest Configuration agent. Exploit + Guard has four components that are designed to lock down devices against a + wide variety of attack vectors and block behaviors commonly used in malware + attacks while enabling enterprises to balance their security risk and productivity + requirements (Windows only).\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NotAvailableMachineState\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Status if Windows Defender is not available on machine\",\"description\":\"Windows @@ -16230,7 +23212,17 @@ interactions: Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is a private IP address allocated inside a customer-owned + virtual network via which an Azure resource is reachable. This policy deploys + a private endpoint for your IoT hub to allow services inside your virtual + network to reach IoT Hub without requiring traffic to be sent to IoT Hub's + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotHub\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf684997-3909-404e-929c-d4a38ed23b2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf684997-3909-404e-929c-d4a38ed23b2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -16255,7 +23247,55 @@ interactions: Group Membership;ExpectedValue\",\"value\":\"[parameters('AuditGroupMembership')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Only + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using SSH secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires a SSH private key secret in Key Vault. + For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"sshKnownHostsContents\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Base64-encoded + known hosts content\",\"description\":\"The base64-encoded known hosts content.\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"sshPrivateKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SSH + private key Key Vault secret\",\"description\":\"The name of the Key Vault + secret that holds the base64-encoded SSH private key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/sshKnownHostsContents\",\"equals\":\"[parameters('sshKnownHostsContents')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"sshKnownHostsContents\":{\"type\":\"string\"},\"sshPrivateKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":{\"value\":\"[parameters('sshKnownHostsContents')]\"},\"sshPrivateKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('sshPrivateKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c050047b-b21b-4822-8a2d-c1e37c3c0c6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c050047b-b21b-4822-8a2d-c1e37c3c0c6a\"},{\"properties\":{\"displayName\":\"Configure + private endpoint connections on Azure Automation accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Azure Automation accounts without a need for public IP addresses at the + source or destination. Learn more about private endpoints in Azure Automation + at https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Webhook\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}},{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"DSCAndHybridWorker\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c0c3130e-7dda-4187-aed0-ee4a472eaa60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c0c3130e-7dda-4187-aed0-ee4a472eaa60\"},{\"properties\":{\"displayName\":\"Only approved VM extensions should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy governs the virtual machine extensions that are not approved.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"approvedExtensions\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -16401,7 +23441,8 @@ interactions: for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, - verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure Defender for container registries should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Defender for container registries provides vulnerability scanning of any images pulled within the last 30 days, pushed to your registry, or imported, and @@ -16432,19 +23473,37 @@ interactions: Box\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"supportedSKUs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Supported SKUs\",\"description\":\"The list of SKUs that support software-based double - encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Microsoft + encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Azure + Key Vault Managed HSM should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + deletion of an Azure Key Vault Managed HSM can lead to permanent data loss. + A malicious insider in your organization can potentially delete and purge + Azure Key Vault Managed HSM. Purge protection protects you from insider attacks + by enforcing a mandatory retention period for soft deleted Azure Key Vault + Managed HSM. No one inside your organization or Microsoft will be able to + purge your Azure Key Vault Managed HSM during the soft delete retention period.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/managedHsms/enableSoftDelete\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.KeyVault/managedHsms/enablePurgeProtection\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39ba22d-4428-4149-b981-70acb31fc383\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1389 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39e6fda-ae70-4891-a739-be7bba6d1062\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"System + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for Resource Manager should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for Resource Manager automatically monitors the resource management + operations in your organization. Azure Defender detects threats and alerts + you about suspicious activity. Learn more about the capabilities of Azure + Defender for Resource Manager at https://aka.ms/defender-for-resource-manager + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Arm\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3d20c29-b36d-48fe-808b-99a87530ad99\"},{\"properties\":{\"displayName\":\"System updates on virtual machine scale sets should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine - scale sets are secure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + scale sets are secure.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -16474,9 +23533,9 @@ interactions: implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4aff9e7-2e60-46fa-86be-506b79033fc5\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your API App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they @@ -16636,27 +23695,25 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c69b870e-857b-458b-af02-bb234f7a00d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"Deploy + Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific - categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Profile name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Log Analytics workspace\",\"description\":\"Select Log Analytics workspace - from dropdown list. If this workspace is outside of the scope of the assignment + categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select Log Analytics workspace from + dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Name\",\"description\":\"Name of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Value\",\"description\":\"Value of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Name\",\"description\":\"Name of the tag to use for excluding vaults from + this policy. This should be used along with the Exclusion Tag Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Value\",\"description\":\"Value of the tag to use for excluding vaults + from this policy. This should be used along with the Exclusion Tag Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allof\":[{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"allof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Category\",\"in\":[\"CoreAzureBackup\",\"AddonAzureBackupJobs\",\"AddonAzureBackupAlerts\",\"AddonAzureBackupPolicy\",\"AddonAzureBackupStorage\",\"AddonAzureBackupProtectedInstance\"]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Enabled\",\"equals\":\"True\"}]}},\"Equals\":6},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType\",\"equals\":\"Dedicated\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vaultName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"logAnalyticsDestinationType\":\"Dedicated\",\"metrics\":[],\"logs\":[{\"category\":\"CoreAzureBackup\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupAlerts\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupJobs\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupPolicy\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupProtectedInstance\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupStorage\",\"enabled\":\"true\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), - 'configured for diagnostic logs for ', ': ', parameters('vaultName'), '/', - 'Microsoft.Insights/', parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft + 'configured for resource logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', + parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1619 - Information In Shared Resources\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c722e569-cb52-45f3-a643-836547d016e1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -16720,15 +23777,15 @@ interactions: This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Resource logs in Data Lake Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -16750,6 +23807,17 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c96f3246-4382-4264-bf6b-af0b35e23c3c\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private DNS provides a reliable, secure DNS service to manage and resolve + domain names in a virtual network without the need to add a custom DNS solution. + You can use private DNS zones to override the DNS resolution by using your + own custom domain names for a private endpoint. This policy deploys a private + DNS Zone for IoT Hub private endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotHub\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy automatically deploys diagnostic settings to network security groups. A storage account with name '{storagePrefixParameter}{NSGLocation}' will be @@ -16770,11 +23838,30 @@ interactions: network rules. These services will then use strong authentication to access the storage account.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"notContains\":\"AzureServices\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9d007d0-c057-4772-b18c-01e546713bcd\"},{\"properties\":{\"displayName\":\"App - Configuration should use a private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - endpoint connections allow clients on a virtual network to securely access - Azure App Configuration over a private link.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App + Configuration should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your app configuration instances + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows Azure Monitor agent to enable Azure Monitor assignments + on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows Azure Monitor agent to Windows virtual machines hosted in Azure that + are supported by Azure Monitor. Azure Monitor agent collects events from the + virtual machine that can be used to provide recommendations. Target virtual + machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorWindowsAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorWindowsAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca817e41-e85a-4783-bc7f-dc532d36235e\"},{\"properties\":{\"displayName\":\"Managed + disks should be double encrypted with both platform-managed and customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"High + security sensitive customers who are concerned of the risk associated with + any particular encryption algorithm, implementation, or key being compromised + can opt for additional layer of encryption using a different encryption algorithm/mode + at the infrastructure layer using platform managed encryption keys. The disk + encryption sets are required to use double encryption. Learn more at https://aka.ms/disks-doubleEncryption.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/diskEncryptionSets\"},{\"field\":\"Microsoft.Compute/diskEncryptionSets/encryptionType\",\"notEquals\":\"EncryptionAtRestWithPlatformAndCustomerKeys\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca91455f-eace-4f96-be59-e6e2c35b4816\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca94b046-45e2-444f-a862-dc8ce262a516\"},{\"properties\":{\"displayName\":\"Microsoft @@ -16820,9 +23907,9 @@ interactions: Sensitive data in your SQL databases should be classified\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive - data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Security + data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"3.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed virtual machine size SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Compute\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -16852,12 +23939,12 @@ interactions: Managed Control 1104 - Audit Events\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdd8d244-18b2-4306-a1d1-df175ae0935f\"},{\"properties\":{\"displayName\":\"Deploy - export to Event Hub for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Event Hub of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Event Hub configuration with your conditions - and target Event Hub on the assigned scope. To deploy this policy on newly - created subscriptions, open the Compliance tab, select the relevant non-compliant - assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Event Hub for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Event Hub of Azure Security Center data. This policy deploys an + export to Event Hub configuration with your conditions and target Event Hub + on the assigned scope. To deploy this policy on newly created subscriptions, + open the Compliance tab, select the relevant non-compliant assignment and + create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group @@ -16865,17 +23952,20 @@ interactions: group can only have one export to Event Hub configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Event Hub configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -16886,30 +23976,52 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event Hub details\",\"description\":\"The Event Hub details of where the data should be exported to: Subscription, Event Hub Namespace, Event Hub, and Authorizations - rules with 'Send' claim. If you do not already have an event hub, visit Event - Hubs to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.EventHub%2Fnamespaces).\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + rules with 'Send' claim.\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"SeperatedEventHubDetails\":\"[split(parameters('eventHubDetails'),'/')]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"exportToEventHub\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Event Hub via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', @@ -16918,7 +24030,7 @@ interactions: '/', variables('SeperatedEventHubDetails')[3], '/', variables('SeperatedEventHubDetails')[4], '/', variables('SeperatedEventHubDetails')[5], '/', variables('SeperatedEventHubDetails')[6], '/', variables('SeperatedEventHubDetails')[7], '/', variables('SeperatedEventHubDetails')[8], - '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -16948,15 +24060,15 @@ interactions: Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Resource logs in Key Vault should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Key + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -16964,15 +24076,15 @@ interactions: Managed Control 1724 - Error Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d07594d1-0307-4c08-94db-5d71ff31f0f6\"},{\"properties\":{\"displayName\":\"Container - registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have any network or firewall (IP) rules configured - and so allow all network access by default. Restricting network access protects - container registries from potential threats. Container registries with at - least one IP / firewall rule or configured virtual network are deemed compliant. - For more information on Container Registry network rules, visit: https://aka.ms/acr/portal/public-network - and https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn't have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1084 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"},{\"properties\":{\"displayName\":\"Add @@ -17009,12 +24121,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d1e1d65c-1013-4484-bd54-991332e6a0d2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Guest - Configuration extension should be deployed to Azure virtual machines with - system assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Virtual + machines' Guest Configuration extension should be deployed with system-assigned + managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The Guest Configuration extension requires a system assigned managed identity. - This policy will report instances of the extension as non-compliant when the - machine where it is installed does not have a system assigned managed identity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Azure virtual machines in the scope of this policy will be non-compliant when + they have the Guest Configuration extension installed but do not have a system + assigned managed identity. Learn more at https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines/extensions\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines\",\"name\":\"[first(split(field('fullName'), '/'))]\",\"existenceCondition\":{\"field\":\"identity.type\",\"contains\":\"SystemAssigned\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d26f7642-7545-4e18-9b75-8c9bbdee3a9a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17024,7 +24137,15 @@ interactions: Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"domain\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"domain-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d389df0a-e0d7-4607-833c-75a6fdac2c2d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows VMs on which @@ -17074,7 +24195,16 @@ interactions: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\"like\":\"[concat(parameters('virtualNetworkId'),'/*')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d416745a-506c-48b6-8ab1-83cb814bcaa3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1383 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Managed + disks should use a specific set of disk encryption sets for the customer-managed + key encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requiring + a specific set of disk encryption sets to be used with managed disks give + you control over the keys used for encryption at rest. You are able to select + the allowed encrypted sets and all others are rejected when attached to a + disk. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"allowedEncryptionSets\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + disk encryption set\",\"description\":\"The list of allowed disk encryption + sets for managed disks.\",\"strongType\":\"Microsoft.Compute/diskEncryptionSets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d461a302-a187-421a-89ac-84acdb4edc04\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Interactive Logon'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Interactive Logon' for displaying last user name and requiring ctrl-alt-del. @@ -17086,7 +24216,16 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsInteractiveLogon\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d472d2c9-d6a3-4500-9f5f-b15f123005aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d472d2c9-d6a3-4500-9f5f-b15f123005aa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs for Application Insights should be linked to a Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + the Application Insights component to a Log Analytics workspace for logs encryption. + Customer-managed keys are commonly required to meet regulatory compliance + and for more control over the access to your data in Azure Monitor. Linking + your component to a Log Analytics workspace that's enabled with a customer-managed + key, ensures that your Application Insights logs meet this compliance requirement, + see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/components\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"equals\":\"\"},{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"exists\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d550e854-df1a-4de9-bf44-cd894b39a95e\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic @@ -17189,7 +24328,23 @@ interactions: auditing Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that IoT Hub device provisioning + service instance isn't exposed on the public internet. Creating private endpoints + can limit exposure of the IoT Hub device provisioning instances. Learn more + at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d82101f3-f3ce-4fc5-8708-4c09f4009546\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d82101f3-f3ce-4fc5-8708-4c09f4009546\"},{\"properties\":{\"displayName\":\"Configure + Container registries with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + premium container registry resources, you can reduce data leakage risks. Learn + more at: https://aka.ms/privateendpoints and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"registry\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d85c6833-7d33-4cf5-a915-aaa2de84405f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d85c6833-7d33-4cf5-a915-aaa2de84405f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d8b43277-512e-40c3-ab00-14b3b6e72238\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17199,13 +24354,19 @@ interactions: Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d922484a-8cfc-4a6b-95a4-77d6a685407f\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MySQL can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption in transit to encrypt communication + between Azure HDInsight cluster nodes\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission between Azure HDInsight cluster nodes. + Enabling encryption in transit addresses problems of misuse and tampering + during this transmission.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9da03a1-f3c3-412a-9709-947156872263\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9da03a1-f3c3-412a-9709-947156872263\"},{\"properties\":{\"displayName\":\"Audit Windows machines that do not store passwords using reversible encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines @@ -17219,7 +24380,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3bfb53-9c46-4010-b3db-a7ba1296dada\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1516 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to disable public network access \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your CosmosDB resource so that it's not accessible + over the public internet. This can reduce data leakage risks. Learn more at: + https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2021-01-15')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da69ba51-aaf1-41e5-8651-607cd0b37088\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Batch Account to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created @@ -17240,7 +24408,23 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"ServiceLog\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Logic + Apps should be deployed into Integration Service Environment\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploying + Logic Apps into Integration Service Environment in a virtual network unlocks + advanced Logic Apps networking and security features and provides you with + greater control over your network configuration. Learn more at: https://aka.ms/integration-service-environment. + Deploying into Integration Service Environment also allows encryption with + customer-managed keys which provides enhanced data protection by allowing + you to manage your encryption keys. This is often to meet compliance requirements.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},{\"field\":\"Microsoft.Logic/workflows/integrationServiceEnvironment\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc595cb1-1cde-45f6-8faf-f88874e1c0e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc595cb1-1cde-45f6-8faf-f88874e1c0e1\"},{\"properties\":{\"displayName\":\"Web + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a web app should be located on an Azure file share. The + storage account information for the file share must be provided before any + publishing activity. To learn more about using Azure Files for hosting app + service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dcbc65aa-59f3-4239-8978-3bb869d82604\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dcbc65aa-59f3-4239-8978-3bb869d82604\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1439 - Media Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17318,7 +24502,24 @@ interactions: DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deacecc0-9f84-44d2-bb82-46f32d766d43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1528 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"MariaDB + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Recovery Services vaults should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Azure Recovery Services + vaults, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/AB-PrivateEndpoints.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"count\":{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState\",\"equals\":\"Succeeded\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deeddb44-9f94-4903-9fa0-081d524406e3\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to the IoT Hub device provisioning + service, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df39c015-56a4-45de-b4a3-efe77bed320d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df39c015-56a4-45de-b4a3-efe77bed320d\"},{\"properties\":{\"displayName\":\"MariaDB server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure Database for MariaDB while ensuring the traffic stays within the @@ -17327,7 +24528,20 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dfbd9a64-6114-48de-a47d-90574dc2e489\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dfbd9a64-6114-48de-a47d-90574dc2e489\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve to Azure + Cache for Redis. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + resource id of the private DNS zone\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"redisCache\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-redis-cache-windows-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e016b22b-e0eb-436d-8fd7-160c4eaed6e2\"},{\"properties\":{\"displayName\":\"Auditing + on Synapse workspace should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing + on your Synapse workspace should be enabled to track database activities across + all databases on the dedicated SQL pools and save them in an audit log.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired + Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e04e5000-cd89-451d-bb21-a14d24ff9c73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e04e5000-cd89-451d-bb21-a14d24ff9c73\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'User Rights Assignment' for allowing log on locally, RDP, access from the network, @@ -17473,9 +24687,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1da06bd-25b6-4127-a301-c313d6873fff\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your machines should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers which do not satisfy the configured baseline will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1047 - System Use Notification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17491,16 +24705,17 @@ interactions: advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled in virtual machine scale sets for listed virtual machine + images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed. The list of OS images + is updated over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1161 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17515,9 +24730,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/virtualNetworkGateways\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/gatewayType\",\"equals\":\"Vpn\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/sku.tier\",\"equals\":\"Basic\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with read permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP access from the Internet should be blocked\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits any network security rule that allows RDP access from Internet\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\"},{\"allOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\"equals\":\"Inbound\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"*\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"3389\"},{\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), @@ -17763,9 +24978,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e80b6812-0bfa-4383-8223-cdd86a46a890\"},{\"properties\":{\"displayName\":\"Vulnerabilities in container security configurations should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit vulnerabilities in security configuration on machines with Docker installed - and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic @@ -17784,12 +24999,13 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"},{\"properties\":{\"displayName\":\"Container - registries should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections through private links. Public access can - then be disabled to ensure that only private links can be used to connect - to the registry. For more information, visit: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network.By mapping private endpoints to your container registries + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"count\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8eef0a8-67cf-4eb4-9386-14b0e78733d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -17800,7 +25016,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e901375c-8f01-4ac8-9183-d5312f47fe63\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1723 - Information Input Validation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Configure + Container registries to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Container + Registry. Learn more at: https://aka.ms/privatednszone and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint. It should be linked to the private endpoint's associated VNET.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"registry\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"containerRegistry-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1200 - Security Impact Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -17811,7 +25036,14 @@ interactions: debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be created with infrastructure-encryption enabled + (double encryption)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure data encryption is enabled at the service level and the infrastructure + level with two different encryption algorithms and two different keys, use + an Azure Monitor dedicated cluster. This option is enabled by default when + supported at the region, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/isDoubleEncryptionEnabled\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea0dfaed-95fb-448c-934e-d6e713ce393d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea0dfaed-95fb-448c-934e-d6e713ce393d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"},{\"properties\":{\"displayName\":\"Inherit @@ -17840,11 +25072,10 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea556850-838d-4a37-8ce5-9d7642f95e11\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1542 - Risk Assessment\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Ensure - Function app has 'Client Certificates (Incoming client certificates)' set - to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Function + apps should have 'Client Certificates (Incoming client certificates)' enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client certificates allow for the app to request a certificate for incoming requests. - Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App + Only clients with valid certificates will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eaebaea7-8013-4ceb-9d14-7eb32271373c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -17871,9 +25102,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"log_duration\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"},{\"properties\":{\"displayName\":\"Deprecated accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts with owner permissions should be removed from your subscription. - \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit Windows machines that don't have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the application @@ -17894,9 +25125,9 @@ interactions: security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms - and two different keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + and two different keys.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -17934,7 +25165,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1622 - Boundary Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Event Hub namespaces. + Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ed66d4f5-8220-45dc-ab4a-20d1749c74e6\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Key @@ -17973,10 +25213,24 @@ interactions: Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspace to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Machine + Learning workspaces. Learn more at: https://docs.microsoft.com/azure/machine-learning/how-to-network-security-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"amlworkspace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"amlworkspace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee40564d-486e-4f68-a5ca-7a621edae0fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1189 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search services should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your Azure Cognitive + Search service is not exposed on the public internet. Creating private endpoints + can limit exposure of your Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee980b6d-0eca-4501-8d54-f6290fd512c3\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Accounts' for limiting local account use of blank passwords and @@ -18004,8 +25258,14 @@ interactions: enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"},{\"properties\":{\"displayName\":\"API - Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - network on API Management services of the specified SKU should be enabled.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security, isolation and allows + you to place your API Management service in a non-internet routable network + that you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"evaluatedSkuNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"API Management SKU Names\",\"description\":\"List of API Management SKUs against @@ -18075,12 +25335,21 @@ interactions: TLS version should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Service Bus namespaces. + Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0fcf93c-c063-4071-9668-c47474bd3564\"},{\"properties\":{\"displayName\":\"Deploy Workflow Automation for Azure Security Center alerts\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable automation of Azure Security Center alerts. This policy deploys a workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select - the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow @@ -18091,13 +25360,14 @@ interactions: name contains\",\"description\":\"String included in the required alert name. For a full reference list of Security Center's alerts, see https://docs.microsoft.com/azure/security-center/alerts-reference.\"},\"defaultValue\":\"\"},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Alert is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Alert is created - or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('alertSeverities'),if(equals(parameters('alertName'), + ''), array('3.'), array(parameters('alertName'))))]\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"in\":\"[union(array('Severity'),if(equals(parameters('alertName'), + ''), array('Version'), array('AlertDisplayName')))]\"},{\"count\":{\"value\":\"[parameters('alertSeverities')]\",\"name\":\"alertSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"Severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('alertSeverity')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('alertSeverities'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"severityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"triggerMap\":{\"Manual (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center Alert @@ -18263,25 +25533,28 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"},{\"properties\":{\"displayName\":\"Disk encryption should be enabled on Azure Data Explorer\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling disk encryption helps protect and safeguard your data to meet your organizational - security and compliance commitments.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + security and compliance commitments.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy Auditing on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The + region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention days (optional, 180 days if unspecified)\"},\"defaultValue\":\"180\"},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name for storage accounts\",\"description\":\"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing - do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), 0, 3)]\",\"storageName\":\"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('sqlServerAuditingStorageAccount-', - uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"templateLink\":{\"uri\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\"contentVersion\":\"1.0.0.0\"}}},{\"name\":\"[concat(parameters('serverName'), - '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"auditActionsAndGroups\":null,\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft + uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure SQL servers to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18352,9 +25625,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your virtual machines from potential threats by restricting access to them with network security groups (NSG). Learn more about controlling traffic with - NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit Linux machines that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that @@ -18392,7 +25665,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1449 - Physical Access Authorizations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use system-assigned managed identity + authentication when it is supported\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Using + system-assigned managed identity when communicating with data stores via linked + services avoids the use of less secured credentials such as passwords or connection + strings.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"AzureSqlDatabase\",\"AzureSqlMI\",\"AzureSqlDW\",\"AzureBlobFS\",\"AdlsGen2CosmosStructuredStream\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureBlobStorage\",\"AzureDatabricks\"]},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"User + ID=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f78ccdb4-7bf4-4106-8647-270491d2978a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"},{\"properties\":{\"displayName\":\"Azure @@ -18415,9 +25696,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f82e3639-fa2b-4e06-a786-932d8379b972\"},{\"properties\":{\"displayName\":\"External accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with owner permissions should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18447,15 +25728,21 @@ interactions: Other System Events;ExpectedValue\",\"value\":\"[parameters('AuditOtherSystemEvents')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Diagnostic + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Resource logs in Service Bus should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Service + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Service Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Azure + Event Grid domains should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8f774be-6aee-492a-9e29-486ef81f3a68\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -18472,22 +25759,28 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9a165d2-967d-4733-8399-1074270dae2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Stream Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Stream + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Stream Analytics\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest TLS version should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9d614c5-c173-4d56-95a7-b4437057d193\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Saved-queries + in Azure Monitor should be saved in customer storage account for logs encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + storage account to Log Analytics workspace to protect saved-queries with storage + account encryption. Customer-managed keys are commonly required to meet regulatory + compliance and for more control over the access to your saved-queries in Azure + Monitor. For more details on the above, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys?tabs=portal#customer-managed-key-for-saved-queries.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/workspaces\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/workspaces/forceCmkForQuery\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa298e57-9444-42ba-bf04-86e8470e32c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa298e57-9444-42ba-bf04-86e8470e32c7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"},{\"properties\":{\"displayName\":\"Microsoft @@ -18533,7 +25826,24 @@ interactions: on Azure Storage encryption at rest can be found here https://aka.ms/azurestoragebyok. \",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/logProfiles\"},{\"field\":\"Microsoft.Insights/logProfiles/storageAccountId\",\"exists\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"value\":\"[contains(field('Microsoft.Insights/logProfiles/storageAccountId'), - subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"[Preview]: + subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Cognitive + Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"searchService\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"searchService-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbc14a67-53e4-4932-abcc-2049c6706009\"},{\"properties\":{\"displayName\":\"Virtual + machines and virtual machine scale sets should have encryption at host enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + encryption at host to get end-to-end encryption for your virtual machine and + virtual machine scale set data. Encryption at host enables encryption at rest + for your temporary disk and OS/data disk caches. Temporary and ephemeral OS + disks are encrypted with platform-managed keys when encryption at host is + enabled. OS/data disk caches are encrypted at rest with either customer-managed + or platform-managed key, depending on the encryption type selected on the + disk. Learn more at https://aka.ms/vm-hbe.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc4d8e41-e223-45ea-9bf5-eada37891d87\"},{\"properties\":{\"displayName\":\"[Preview]: All Internet traffic should be routed via your deployed Azure Firewall\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats @@ -18551,10 +25861,10 @@ interactions: that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines should meet the requirements for the Azure security baseline\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxOMSBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Configuration\",\"version\":\"1.1.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureLinuxBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxOMSBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureLinuxBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -18583,8 +25893,8 @@ interactions: Source\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MariaDB can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall @@ -18598,7 +25908,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"Cognitive + Services accounts should use a managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Assigning + a managed identity to your Cognitive Service account helps ensure secure authentication. + This identity is used by this Cognitive service account to communicate with + other Azure services, like Azure Key Vault, in a secure way without you having + to manage any credentials.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"anyOf\":[{\"field\":\"identity.type\",\"exists\":\"false\"},{\"field\":\"identity.type\",\"equals\":\"None\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe3fd216-4f83-4fc1-8984-2bbec80a3418\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -18609,18 +25926,18 @@ interactions: Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"installed_application_linux\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"},{\"properties\":{\"displayName\":\"Vulnerabilities on your SQL databases should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Monitor Vulnerability Assessment scan results and recommendations for how to remediate - database vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security + database vulnerabilities.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"},{\"properties\":{\"displayName\":\"Deploy - export to Log Analytics workspace for Azure Security Center alerts and recommendations\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable - export to Log Analytics workspace of Azure Security Center alerts and/or recommendations. - This policy deploys an export to Log Analytics workspace configuration with - your conditions and target workspace on the assigned scope. To deploy this - policy on newly created subscriptions, open the Compliance tab, select the - relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + export to Log Analytics workspace for Azure Security Center data\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + export to Log Analytics workspace of Azure Security Center data. This policy + deploys an export to Log Analytics workspace configuration with your conditions + and target workspace on the assigned scope. To deploy this policy on newly + created subscriptions, open the Compliance tab, select the relevant non-compliant + assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for @@ -18629,17 +25946,20 @@ interactions: configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;\"},\"allowedValues\":[\"Security recommendations\",\"Security - alerts\",\"Overall secure score\",\"Secure score controls\"],\"defaultValue\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -18650,41 +25970,64 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"The Log Analytics workspace of where - the data should be exported to. If you do not already have a log analytics - workspace, visit Log Analytics workspaces to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces).\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + the data should be exported to.\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"ExportToWorkspace\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Log Analytics workspace via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', - subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1158 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fff50cf2-28eb-45b4-b378-c99412688907\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod hostPath volumes can only use allowed host paths in a Kubernetes - Cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Limit + pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18692,10 +26035,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed host paths\",\"description\":\"The host paths allowed for pod hostPath volumes - to use. Provide an empty paths list to block all host paths.\",\"schema\":{\"type\":\"object\",\"properties\":{\"paths\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"pathPrefix\":{\"type\":\"string\"},\"readOnly\":{\"type\":\"boolean\"}},\"required\":[\"pathPrefix\",\"readOnly\"],\"additionalProperties\":false}}},\"required\":[\"paths\"],\"additionalProperties\":false}},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: + to use. Provide an empty paths list to block all host paths.\"},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time that a certificate can be valid within your key vault.\",\"metadata\":{\"version\":\"2.1.0-preview\",\"category\":\"Key @@ -18740,7 +26085,7 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"less\":\"[parameters('minimumDaysBeforeExpiry')]\"}]},{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"greater\":\"[parameters('maximumPercentageLife')]\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12ef42cb-9903-4e39-9c26-422d29570417\"},{\"properties\":{\"displayName\":\"[Preview]: - Keys should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic + Key Vault keys should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic keys should have a defined expiration date and not be permanent. Keys that are valid forever provide a potential attacker with more time to compromise the key. It is a recommended security practice to set expiration dates on @@ -18749,11 +26094,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods can only use allowed volume types in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + can only use allowed volume types in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18761,10 +26107,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed volume types\",\"description\":\"The list of volume types that can be used by a pod. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: Enforce labels on pods in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -18772,24 +26120,28 @@ interactions: service\",\"deprecated\":true},\"parameters\":{\"commaSeparatedListOfLabels\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: Comma-separated list of labels\",\"description\":\"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Enforce - HTTPS ingress in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should be accessible only over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + of HTTPS ensures authentication and protects data in transit from network + layer eavesdropping attacks. This capability is currently generally available + for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc + enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes - clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow containers to use privilege escalation in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow containers to run with privilege escalation to root in a Kubernetes + cluster. This recommendation is part of CIS 5.2.5 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18797,8 +26149,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: Configure log filter expressions and datastore to be used for full logs for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide log filter expression and datastore to be used for full @@ -18812,22 +26166,24 @@ interactions: used to filter logs. Ex. ^prefix1.*$\"},\"defaultValue\":[]},\"datastore\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Datastore\",\"description\":\"Datastore used to store filtered logs. Ex. LogsDatastore which is configured in AML.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Ensure - services listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces services to listen only on allowed ports in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - service ports list\",\"description\":\"The list of service ports allowed in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should listen only on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + services to listen only on allowed ports to secure access to the Kubernetes + cluster. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + service ports list\",\"description\":\"The list of service ports allowed in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"allowedPorts\":\"[parameters('allowedServicePortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure services listen only on allowed ports in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -18865,68 +26221,77 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"approvalEndpoint\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Approval endpoint\",\"description\":\"Approval endpoint that needs to be called before an Azure ML job is run. Ex. http://amlrunapproval/approve\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Enforce - internal load balancers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces load balancers do not have public IPs in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should use internal load balancers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + internal load balancers to make a Kubernetes service accessible only to applications + running in the same virtual network as the Kubernetes cluster. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should disable automounting API credentials\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Disable automounting API credentials to prevent a potentially compromised Pod resource - to run API commands against Kubernetes clusters. For instructions on using - this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Ensure - containers listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces containers to listen only on allowed ports in a Kubernetes + to run API commands against Kubernetes clusters. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only listen on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + containers to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - container ports list\",\"description\":\"The list of container ports allowed - in a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Enforce - labels on pods in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces the specified labels are provided for pods in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List - of labels\",\"description\":\"The list of labels to be specified on Pods in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + container ports list\",\"description\":\"The list of container ports allowed + in a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"allowedPorts\":\"[parameters('allowedContainerPortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods should use specified labels\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + specified labels to identify the pods in a Kubernetes cluster. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy blocks pod containers from sharing the host process ID namespace and - host IPC namespace in a Kubernetes cluster. This policy is generally available - for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled - Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List + of labels\",\"description\":\"The list of labels to be specified on Pods in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Block + pod containers from sharing the host process ID namespace and host IPC namespace + in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS + 5.2.3 which are intended to improve the security of your Kubernetes environments. + This policy is generally available for Kubernetes Service (AKS), and preview + for AKS Engine and Azure Arc enabled Kubernetes. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18934,8 +26299,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time in days that a key can be valid within your key vault.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Key @@ -18947,11 +26314,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"greater\":\"[addDays(field('Microsoft.KeyVault.Data/vaults/keys/attributes.createdOn'), parameters('maximumValidityInDays'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"49a22571-d204-4c91-a7b6-09b1a586fbc9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed AppArmor profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18959,11 +26327,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed AppArmor profiles\",\"description\":\"The list of AppArmor profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed module authors for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide allowed module authors in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit @@ -18974,11 +26344,12 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"allowedModuleAuthors\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Allowed module authors\",\"description\":\"List of allowed module authors.\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"allowedModuleAuthors\",\"value\":\"[parameters('allowedModuleAuthors')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53c70b02-63dd-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers do not use forbidden sysctl interfaces in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -18986,11 +26357,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden sysctls\",\"description\":\"The list of plain sysctl names or sysctl patterns which end with *. The string * matches all sysctls. For more information, visit https://aka.ms/k8s-policy-sysctl-interfaces.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed registries for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, @@ -19084,11 +26457,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"RSA\",\"RSA-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keySize\",\"less\":\"[parameters('minimumRSAKeySize')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82067dbb-e53b-4e06-b631-546d197452d9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls pod access to the host network and the allowable host port - range in a Kubernetes cluster. This policy is generally available for Kubernetes - Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. - For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + pod access to the host network and the allowable host port range in a Kubernetes + cluster. This recommendation is part of CIS 5.2.4 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19096,14 +26470,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow host network usage\",\"description\":\"Set this value to true if pod is allowed to use host network otherwise false.\"},\"defaultValue\":false},\"minPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Min host port\",\"description\":\"The minimum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0},\"maxPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Max host port\",\"description\":\"The maximum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such @@ -19113,25 +26489,29 @@ interactions: certificate authorities supported by Azure Key Vault.\"},\"allowedValues\":[\"DigiCert\",\"GlobalSign\"],\"defaultValue\":[\"DigiCert\",\"GlobalSign\"]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' - turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Do - not allow privileged containers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow privileged containers creation in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster should not allow privileged containers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow privileged containers creation in a Kubernetes cluster. This recommendation + is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes + environments. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed seccomp profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed seccomp profiles in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19139,13 +26519,17 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed seccomp profiles\",\"description\":\"The list of seccomp profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: - Secrets should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"It - is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: + Key Vault secrets should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Secrets + should have a defined expiration date and not be permanent. Secrets that are + valid forever provide a potential attacker with more time to compromise them. + It is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' @@ -19153,16 +26537,19 @@ interactions: Kubernetes clusters should not use the default namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. - For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified non-integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the custom or internal @@ -19176,19 +26563,21 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\"notContains\":\"[parameters('caCommonName')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a22f4a40-01d3-4c7d-8071-da157eeff341\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should not use specific security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent specific security capabilities in Kubernetes clusters to prevent ungranted - privileges on the Pod resource. For instructions on using this policy, please - visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' - allows a non-compliant resource to be created or updated, but flags it as - non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from - policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Blocked - capabilities\",\"description\":\"List of capabilities that containers are - not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Blocked capabilities\",\"description\":\"List of capabilities that containers + are not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure CPU and memory resource limits defined on containers in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. This policy is deprecated, please visit @@ -19219,10 +26608,10 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to - exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace - inclusions\",\"description\":\"List of Kubernetes namespaces to only include - in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Deprecated]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fd3e59-6390-4f2b-8247-ea676bd03e2d\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates using elliptic curve cryptography should have allowed curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage the allowed elliptic curve names for ECC Certificates stored in key vault. @@ -19233,11 +26622,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd78111f-4953-4367-9fd5-7e08808b54bf\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed capabilities in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + the capabilities to reduce the attack surface of containers in a Kubernetes + cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are + intended to improve the security of your Kubernetes environments. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19245,12 +26635,14 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed capabilities\",\"description\":\"The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.\"},\"defaultValue\":[]},\"requiredDropCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Required drop capabilities\",\"description\":\"The list of capabilities that must be dropped by a container.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Specify the number of days that a key should be active. Keys that are used for an extended period of time increase the probability that an attacker could compromise @@ -19278,12 +26670,43 @@ interactions: Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"Kubernetes service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers run with a read only root file system in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"[Preview]: + Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"To + reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux + capabilities. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"CAP_SYS_ADMIN\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d2e7ea85-6b44-4317-a0be-1b951587f626\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should only use allowed external IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes + cluster. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from + policy evaluation. Providing a value for this parameter is optional.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + inclusions\",\"description\":\"List of Kubernetes namespaces to only include + in policy evaluation. An empty list means the policy is applied to all resources + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedExternalIPs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + External IPs\",\"description\":\"List of External IPs that services are allowed + to use. Empty array means all external IPs are disallowed.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedExternalIPs\":\"[parameters('allowedExternalIPs')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d46c275d-1680-448d-b2ec-e495a3b6cc89\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d46c275d-1680-448d-b2ec-e495a3b6cc89\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Run + containers with a read only root file system to protect from changes at run-time + with malicious binaries being added to PATH in a Kubernetes cluster. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19291,13 +26714,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods and containers only use allowed SELinux options in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + and containers should only use allowed SELinux options in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19305,29 +26731,33 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed SELinux options\",\"description\":\"The allowed configurations for pod and container level SELinux Options. Provide empty options list as input to block - everything.\",\"schema\":{\"type\":\"object\",\"properties\":{\"options\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"level\":{\"type\":\"string\"},\"role\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"},\"user\":{\"type\":\"string\"}},\"additionalProperties\":false}}},\"required\":[\"options\"],\"additionalProperties\":false}},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Ensure - container CPU and memory resource limits do not exceed the specified limits - in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures container CPU and memory resource limits are defined and do - not exceed the specified limits in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed CPU units\",\"description\":\"The maximum CPU units allowed for a - container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed memory bytes\",\"description\":\"The maximum memory bytes allowed - for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + everything.\"},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers CPU and memory resource limits should not exceed the specified + limits\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Enforce + container CPU and memory resource limits to prevent resource exhaustion attacks + in a Kubernetes cluster. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed CPU units\",\"description\":\"The maximum CPU units allowed for a + container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed memory bytes\",\"description\":\"The maximum memory bytes allowed + for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: Secrets should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"If your secrets were created with an activation date set in the future, you must ensure that your secrets have not been active for longer than the specified @@ -19340,12 +26770,13 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/secrets\"},{\"value\":\"[utcNow()]\",\"greater\":\"[addDays(if(empty(field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.createdOn'), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), parameters('maximumValidityInDays'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d99835-8a06-45ae-a8e0-87a91941ccfe\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls the user, primary group, supplemental group and file system - group IDs that pods and containers can use to run in a Kubernetes Cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Control + the user, primary group, supplemental group and file system group IDs that + pods and containers can use to run in a Kubernetes Cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19353,29 +26784,32 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as user rule\",\"description\":\"The 'RunAsUser' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MustRunAsNonRoot\",\"RunAsAny\"],\"defaultValue\":\"MustRunAsNonRoot\"},\"runAsUserRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed user ID ranges\",\"description\":\"The user ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as group rule\",\"description\":\"The 'RunAsGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"runAsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed group ID ranges\",\"description\":\"The group ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental group rule\",\"description\":\"The 'SupplementalGroups' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"supplementalGroupsRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed supplemental group ID ranges\",\"description\":\"The supplemental group ID - ranges that are allowed for containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File + ranges that are allowed for containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File system group rule\",\"description\":\"The 'FSGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"fsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed file system group ID ranges\",\"description\":\"The file system group ranges - that are allowed for pods to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"},\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod FlexVolume volumes only use allowed drivers in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + that are allowed for pods to use.\"},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19383,10 +26817,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed FlexVolume drivers\",\"description\":\"The list of drivers that FlexVolume volumes are allowed to use. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should not expire within the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Key @@ -19397,11 +26833,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\"lessOrEquals\":\"[addDays(utcNow(), parameters('daysToExpire'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f772fb64-8e40-40ad-87bc-7706e1949427\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed ProcMountType in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed ProcMountTypes in a Kubernetes cluster. This + recommendation is part of Pod Security Policies which are intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -19409,25 +26846,29 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The ProcMountType that containers are allowed to use in the cluster.\"},\"allowedValues\":[\"Unmasked\",\"Default\"],\"defaultValue\":\"Default\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Ensure - only allowed container images in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures only allowed container images are running in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed - container images regex\",\"description\":\"The RegEx rule used to match allowed - container images in a Kubernetes cluster. For example, to allow any Azure - Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed images\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + images from trusted registries to reduce the Kubernetes cluster's exposure + risk to unknown vulnerabilities, security issues and malicious images. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed + container images regex\",\"description\":\"The RegEx rule used to match allowed + container images in a Kubernetes cluster. For example, to allow any Azure + Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"imageRegex\":\"[parameters('allowedContainerImagesRegex')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: Keys using elliptic curve cryptography should have the specified curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Keys backed by elliptic curve cryptography can have different curve names. Some applications are only compatible with specific elliptic curve keys. Enforce @@ -19442,11 +26883,11 @@ interactions: cache-control: - no-cache content-length: - - '2498010' + - '2920414' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:13 GMT + - Mon, 22 Mar 2021 08:44:58 GMT expires: - '-1' pragma: @@ -19476,8 +26917,8 @@ interactions: ParameterSetName: - --management-group User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -19500,11 +26941,28 @@ interactions: Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"00379355-8932-4b52-b63a-3bc6daf3451a\"},{\"properties\":{\"displayName\":\"Vulnerability + assessment should be enabled on your Synapse workspaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Discover, + track, and remediate potential vulnerabilities by configuring recurring SQL + vulnerability assessment scans on your Synapse workspaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0049a6b3-a662-4f3e-8635-39cf44ace45a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"Azure + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"},{\"properties\":{\"displayName\":\"SQL + Server Integration Services integration runtimes on Azure Data Factory should + be joined to a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security and isolation for your + SQL Server Integration Services integration runtimes on Azure Data Factory, + as well as subnets, access control policies, and other features to further + restrict access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.vnetProperties.vnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0088bc63-6dee-4a9c-9d29-91cfdc848952\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Batch accounts without a need for public IP addresses at the source or + destination. Learn more about private endpoints in Batch at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"009a0c92-f5b4-4776-9b66-4ed2b4775563\"},{\"properties\":{\"displayName\":\"Azure Backup should be enabled for Virtual Machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -19571,7 +27029,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03b78f5e-4877-4303-b0f4-eb6583f25768\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1361 - Incident Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"03ed3be1-7276-4452-9a5d-e4168565ac67\"},{\"properties\":{\"displayName\":\"Azure + Kubernetes Service Private Clusters should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + the private cluster feature for your Azure Kubernetes Service cluster to ensure + network traffic between your API server and your node pools remains on the + private network only. This is a common requirement in many regulatory and + industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"field\":\"Microsoft.ContainerService/managedClusters/apiServerAccessProfile.enablePrivateCluster\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"040732e8-d947-40b8-95d6-854c95024bf8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1594 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"},{\"properties\":{\"displayName\":\"Audit @@ -19635,11 +27099,11 @@ interactions: Managed Control 1572 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"},{\"properties\":{\"displayName\":\"Azure - API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + API for FHIR should use a customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer - of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + of encryption on top of the default one done with service-managed keys.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API for FHIR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HealthcareApis/services\"},{\"field\":\"Microsoft.HealthcareApis/services/cosmosDbConfiguration.keyVaultKeyUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"051cba44-2429-45b9-9649-46cec11c7119\"},{\"properties\":{\"displayName\":\"Deploy Log Analytics agent for Linux VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy @@ -19658,9 +27122,14 @@ interactions: Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Azure Front Door Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Azure Front Door Service. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Application Firewall (WAF) should be enabled for Azure Front Door Service + service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/frontdoors\"},{\"field\":\"Microsoft.Network/frontdoors/frontendEndpoints[*].webApplicationFirewallPolicyLink.id\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"055aa869-bc98-4af8-bafc-23f1ab6ffe2c\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity @@ -19673,15 +27142,15 @@ interactions: that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\"notEquals\":\"\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\"},\"notEquals\":0}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Data Lake Store should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"057ef27e-665e-4328-8ea3-04b3122bd9fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -19701,7 +27170,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063b540e-4bdc-4e7a-a569-3a42ddf22098\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1688 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"063c3f09-e0f0-4587-8fd5-f4276fae675f\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + access the private endpoint(s) for Storage Sync Service resource interfaces + from a registered server, you need to configure your DNS to resolve the correct + names to your private endpoint's private IP addresses. This policy creates + the requisite Azure Private DNS Zone and A records for the interfaces of your + Storage Sync Service private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"Private + DNS Zone Identifier\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"afs\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f\",\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-afs\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"06695360-db88-47f6-b976-7500d4297475\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"068260be-a5e6-4b0a-a430-cd27071c226a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19719,7 +27197,7 @@ interactions: network access should be disabled for Cognitive Services accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only - connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + connections from private endpoints are allowed.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0725b4dd-7e76-479c-a735-68e7ee23d5ca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated @@ -19731,16 +27209,16 @@ interactions: app. Allow only required domains to interact with your Function app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed. The list of OS images will be updated over - time as support is updated.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled @@ -19779,14 +27257,14 @@ interactions: machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential - attack surface\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security + attack surface\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f9f0eed0-f143-47bf-b856-671ea2eeed62\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"},{\"properties\":{\"displayName\":\"There should be more than one owner assigned to your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate more than one subscription owner in order to have - administrator access redundancy.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + administrator access redundancy.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"2c79b4af-f830-b61e-92b9-63dfa30f16e4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1159 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0925f098-7877-450b-8ba4-d1e55f2d8795\"},{\"properties\":{\"displayName\":\"Disk @@ -19836,13 +27314,13 @@ interactions: to Azure Database for MariaDB. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"[Preview]: - Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a1302fb-a631-4106-9753-f3d494733990\"},{\"properties\":{\"displayName\":\"Azure + Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements - and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft + and safeguards on your clusters in a centralized, consistent manner.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/addonProfiles.azurePolicy.enabled\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a15ec92-a229-4763-bb14-0ea34a568f8d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a2ee16e-ab1f-414a-800b-d1608835862b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19853,7 +27331,7 @@ interactions: implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"},{\"properties\":{\"displayName\":\"Audit resource location matches resource group location\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - that the resource location matches its resource group location\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"location\",\"notIn\":[\"[resourcegroup().location]\",\"global\"]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: + that the resource location matches its resource group location\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[resourcegroup().location]\"},{\"field\":\"location\",\"notEquals\":\"global\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a914e76-4921-4c19-b460-a2d36003525a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -19869,7 +27347,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\"}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0a9991e6-21be-49f9-8916-a06d934bcf29\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your containers with greater flexibility using customer-managed keys. When + you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.vaultBaseUrl\",\"exists\":false},{\"field\":\"Microsoft.ContainerInstance/containerGroups/encryptionProperties.keyName\",\"exists\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0aa61e00-0a01-4a3c-9945-e93cffedf0e6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0abbac52-57cf-450d-8408-1208d0dd9e90\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19880,22 +27366,21 @@ interactions: notification to subscription owner for high severity alerts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To ensure your subscription owners are notified when there is a potential security breach in their subscription, set email notifications to subscription owners - for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security + for high severity alerts in Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"notEquals\":\"Off\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"not\":{\"allOf\":[{\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\",\"equals\":\"Off\"},{\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\",\"equals\":\"High\"}]}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b15565f-aa9e-48ba-8619-45960f2c314d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b291ee8-3140-4cad-beb7-568c077c78ce\"},{\"properties\":{\"displayName\":\"Key - vault should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + vaults should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious deletion of a key vault can lead to permanent data loss. A malicious insider - in your organization may potentially be able to gain access to delete and - purge key vaults. Purge protection protects you from insider attacks by enforcing - a mandatory retention period for soft deleted key vaults. No one inside your - organization or Microsoft will be able to purge your key vaults during the - soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key + in your organization can potentially delete and purge key vaults. Purge protection + protects you from insider attacks by enforcing a mandatory retention period + for soft deleted key vaults. No one inside your organization or Microsoft + will be able to purge your key vaults during the soft delete retention period.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enablePurgeProtection\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -19925,7 +27410,13 @@ interactions: certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"},{\"properties\":{\"displayName\":\"Private + endpoint connections on Automation Accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Automation accounts without a need for public IP addresses at the source + or destination. Learn more about private endpoints in Azure Automation at + https://docs.microsoft.com/azure/automation/how-to/private-link-security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0c2b3618-68a8-4034-a150-ff4abc873462\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0c2b3618-68a8-4034-a150-ff4abc873462\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1496 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"},{\"properties\":{\"displayName\":\"SQL @@ -19934,7 +27425,14 @@ interactions: and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/encryptionProtector\",\"name\":\"current\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Sql/servers/encryptionProtector/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"},{\"properties\":{\"displayName\":\"Private + endpoint should be enabled for IoT Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections enforce secure communication by enabling private connectivity + to IoT Hub. Configure a private endpoint connection to enable access to traffic + coming only from known networks and prevent access from all other IP addresses, + including within Azure.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/IotHubs/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d40b058-9f95-4a19-93e3-9b0330baa2a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d40b058-9f95-4a19-93e3-9b0330baa2a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1518 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"},{\"properties\":{\"displayName\":\"Microsoft @@ -19954,9 +27452,9 @@ interactions: visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDefenderExploitGuard\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"},{\"properties\":{\"displayName\":\"Deploy a flow log resource with target network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configures flow log for specific network security group. It will allow to log information about IP traffic flowing through an network security group. Flow log helps @@ -19993,7 +27491,13 @@ interactions: Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Authorized + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure File Sync to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Azure File Sync's internet-accessible public endpoint are disabled by your + organizational policy. You may still access the Storage Sync Service via its + private endpoint(s).\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"Audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"value\":\"AllowVirtualNetworksOnly\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0e07b2e9-6cd9-4c40-9ccb-52817b95133b\"},{\"properties\":{\"displayName\":\"Authorized IP ranges should be defined on Kubernetes Services\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized @@ -20030,7 +27534,15 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ecd903d-91e7-4726-83d3-a229d7f2e293\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"[Preview]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"},{\"properties\":{\"displayName\":\"Configure + Batch accounts with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Batch + accounts, you can reduce data leakage risks. Learn more about private links + at: https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"equals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Batch/batchAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"batchAccount\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0ef5aac7-c064-427a-b87b-d47b3ddcaf73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0ef5aac7-c064-427a-b87b-d47b3ddcaf73\"},{\"properties\":{\"displayName\":\"[Preview]: Audit Azure Spring Cloud instances where distributed tracing is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Distributed tracing tools in Azure Spring Cloud allow debugging and monitoring the complex interconnections between microservices in an application. Distributed tracing @@ -20054,7 +27566,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"CORS + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fc3db37-e59a-48c1-84e9-1780cedb409e\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Container registries\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that container registries + are not exposed on the public internet. Creating private endpoints can limit + exposure of container registry resources. Learn more at: https://aka.ms/acr/portal/public-network + and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"0fdf0491-d080-4575-b627-ad0e843cba0f\"},{\"properties\":{\"displayName\":\"CORS should not allow every domain to access your API for FHIR\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly @@ -20102,21 +27621,29 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11158848-f679-4e9b-aa7b-9fb07d945071\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1432 - Media Storage\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Cognitive + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1140e542-b80d-4048-af45-3f7245be274b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure IoT Hubs to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint. This policy disables + public network access on IoT Hub resources.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/114eec6e-5e59-4bad-999d-6eceeb39d582\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"114eec6e-5e59-4bad-999d-6eceeb39d582\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should use customer owned storage or enable data encryption.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11566b39-f7f7-4b82-ab06-68d8700eb0a4\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed. The list of OS images is updated + over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"11ac78e3-31bc-4f0c-8434-37ab963cea07\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - System settings'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - System settings' for certificate rules on executables for SRP and @@ -20189,9 +27716,9 @@ interactions: Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow - in adaptive application control policies.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + in adaptive application control policies.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"1234abcd-1b53-4fd4-9835-2c2fa3935313\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"123a3936-f020-408a-ba0c-47873faf1534\"},{\"properties\":{\"displayName\":\"Web Application Firewall (WAF) should use the specified mode for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Mandates the use of 'Detection' or 'Prevention' mode to be active on all Web Application Firewall policies for Application Gateway.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -20199,7 +27726,13 @@ interactions: Requirement\",\"description\":\"Mode required for all WAF policies\"},\"allowedValues\":[\"Prevention\",\"Detection\"],\"defaultValue\":\"Detection\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies\"},{\"field\":\"Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode\",\"notEquals\":\"[parameters('modeRequirement')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12430be1-6cc8-4527-a9a8-e3d38f250096\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12623e7e-4736-4b2e-b776-c1600f35f93a\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use Key Vault for storing secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + ensure secrets (such as connection strings) are managed securely, require + users to provide secrets using an Azure Key Vault instead of specifying them + inline in linked services.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"exists\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"PWD=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"Password=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"CredString=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"pwd=\"}]}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/SqlServer.typeProperties.password.type\",\"exists\":\"false\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSearch.typeProperties.key.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureBlobStorage.typeProperties.servicePrincipalKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/CosmosDb.typeProperties.accountKey.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.encryptedCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.mwsAuthToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonMWS.typeProperties.secretKey.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AmazonS3.typeProperties.secretAccessKey.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Dynamics.typeProperties.servicePrincipalCredential.type\",\"equals\":\"SecureString\"}]},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken.type\",\"equals\":\"SecureString\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Odbc.typeProperties.credential.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleAdWords.typeProperties.developerToken.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.clientSecret.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/GoogleBigQuery.typeProperties.refreshToken.type\",\"equals\":\"SecureString\"},{\"allOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"MongoDbAtlas\",\"MongoDbV2\"]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString.type\",\"notEquals\":\"AzureKeyVaultSecret\"}]},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCert.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/OData.typeProperties.servicePrincipalEmbeddedCertPassword.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.privateKeyContent.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Sftp.typeProperties.passPhrase.type\",\"equals\":\"SecureString\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Salesforce.typeProperties.securityToken.type\",\"equals\":\"SecureString\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"127ef6d7-242f-43b3-9eef-947faf1725d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1240 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"129eb39f-d79a-4503-84cd-92f036b5e429\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -20253,7 +27786,18 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1184 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"},{\"properties\":{\"displayName\":\"[Preview]: + Configure machines to receive the Qualys vulnerability assessment agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Defender includes vulnerability scanning for your machines at no extra cost. + You don't need a Qualys license or even a Qualys account - everything's handled + seamlessly inside Security Center. Machines which don't have the Qualys vulnerability + assessment agent deployed automatically receive the agent if this policy is + enabled.\",\"metadata\":{\"category\":\"Security Center\",\"preview\":true,\"version\":\"2.0.0-preview\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]},\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"template\":{\"contentVersion\":\"1.0.0.0\",\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"parameters\":{\"vmName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.compute/virtualmachines'))]\",\"type\":\"Microsoft.Compute/virtualMachines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"},{\"condition\":\"[equals(toLower(parameters('resourceType')), + toLower('microsoft.hybridcompute/machines'))]\",\"type\":\"Microsoft.HybridCompute/machines/providers/serverVulnerabilityAssessments\",\"name\":\"[concat(parameters('vmName'), + '/Microsoft.Security/default')]\",\"apiVersion\":\"2020-01-01\"}]},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}}}},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13ce0167-8ca6-4048-8e6b-f996402e3c1b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1085 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20318,7 +27862,38 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;MembersToExclude\",\"value\":\"[parameters('MembersToExclude')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"144f1397-32f9-4598-8c88-118decc3ccba\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityWindowsAgent\":\"[concat('deployAzureSecurityWindowsAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityWindowsAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityWindowsAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1537496a-b1e8-482b-a06a-1cc2415cdc7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1537496a-b1e8-482b-a06a-1cc2415cdc7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"15495367-cf68-464c-bbc3-f53ca5227b7a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20381,7 +27956,15 @@ interactions: '-', uniqueString(parameters('targetManagedApplicationId')))]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"associatedResourceName\":{\"type\":\"string\"},\"resourceTypesToAssociate\":{\"type\":\"string\"},\"targetManagedApplicationId\":{\"type\":\"string\"},\"associationNamePrefix\":{\"type\":\"string\"}},\"variables\":{\"resourceType\":\"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\"resourceName\":\"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2017-05-10\",\"name\":\"[concat(deployment().Name, - '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"Transparent + '-2')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"[variables('resourceType')]\",\"name\":\"[variables('resourceName')]\",\"apiVersion\":\"2018-09-01-preview\",\"properties\":{\"targetResourceId\":\"[parameters('targetManagedApplicationId')]\"}}]}}}]},\"parameters\":{\"resourceTypesToAssociate\":{\"value\":\"[field('type')]\"},\"associatedResourceName\":{\"value\":\"[field('name')]\"},\"targetManagedApplicationId\":{\"value\":\"[parameters('targetManagedApplicationId')]\"},\"associationNamePrefix\":{\"value\":\"[parameters('associationNamePrefix')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17763ad9-70c0-4794-9397-53d765932634\"},{\"properties\":{\"displayName\":\"[ASC + Private Preview] Deploy - Configure system-assigned managed identity to enable + Azure Monitor assignments on VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"[ASC + Private Preview] Configure system-assigned managed identity to virtual machines + hosted in Azure that are supported by Azure Monitor that do not have a system-assigned + managed identity. A system-assigned managed identity is a prerequisite for + all Azure Monitor assignments and must be added to machines before using any + Azure Monitor extension. Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.2.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"value\":\"[requestContext().apiVersion]\",\"greaterOrEquals\":\"2018-10-01\"},{\"field\":\"identity.type\",\"notContains\":\"SystemAssigned\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"identity.type\",\"value\":\"[if(contains(field('identity.type'), + 'UserAssigned'), concat(field('identity.type'), ',SystemAssigned'), 'SystemAssigned')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"17b3de92-f710-4cf4-aa55-0e7859f1ed7b\"},{\"properties\":{\"displayName\":\"Transparent Data Encryption on SQL databases should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -20392,14 +27975,13 @@ interactions: Managed Control 1480 - Temperature And Humidity Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18a767cc-1947-4338-a240-bc058c81164f\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - PostgreSQL database servers enables implementing a separation of duties in - the management of keys and data. When you configure a customer-managed key, - the key is used to protect and control access to the key that encrypts your - data. You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your PostgreSQL + servers. By default, the data is encrypted at rest with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"18adea5e-f416-4d0f-8aa8-d24321e3e274\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1369 - Incident Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -20435,7 +28017,13 @@ interactions: your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Vulnerability + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/complianceResults\",\"name\":\"restrictAccessToAppServices\",\"existenceCondition\":{\"field\":\"Microsoft.Security/complianceResults/resourceStatus\",\"in\":[\"OffByPolicy\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a833ff1-d297-4a0f-9944-888428f8e0ff\"},{\"properties\":{\"displayName\":\"Azure + Event Grid topics should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1adadefe-5f21-44f7-b931-a59b54ccdb45\"},{\"properties\":{\"displayName\":\"Vulnerability assessment should be enabled on SQL Managed Instance\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you @@ -20444,7 +28032,8 @@ interactions: network access on Azure SQL Database should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration - denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure + denies all logins that match IP or virtual network based firewall rules.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1b8ca024-1d5c-4dec-8995-b1a932b41780\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for API @@ -20454,13 +28043,21 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machines if the VM Image (OS) is in the - list defined and the agent is not installed. The list of OS images will be - updated over time as support is updated.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"},{\"properties\":{\"displayName\":\"Azure + Service Bus namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Service Bus namespaces, + data leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c06e275-d63d-4540-b761-71f364c2111d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c06e275-d63d-4540-b761-71f364c2111d\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Dependency agent to be enabled on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machines if the virtual machine image + is in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.6\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c210e94-a481-4beb-95fa-1571b434fb04\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -20469,49 +28066,61 @@ interactions: Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cb067d5-c8b5-4113-a7ee-0a493633924b\"},{\"properties\":{\"displayName\":\"Public + network access on Azure Data Factory should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + Data Factory can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d01ba6c-289f-42fd-a408-494b355b6222\"},{\"properties\":{\"displayName\":\"Azure + File Sync should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Creating + a private endpoint for the indicated Storage Sync Service resource allows + you to address your Storage Sync Service resource from within the private + IP address space of your organization's network, rather than through the internet-accessible + public endpoint. Creating a private endpoint by itself does not disable the + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d320205-c6a1-4ac6-873d-46224024e8e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d320205-c6a1-4ac6-873d-46224024e8e2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d50f99d-1356-49c0-934a-45f742ba7783\"},{\"properties\":{\"displayName\":\"Deploy + GitOps to Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth from the defined git repo. For - instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"preview\":true,\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Configuration resource name\",\"description\":\"The name for the sourceControlConfiguration. - \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator instance name\",\"description\":\"The name of the operator associated - with this configuration. The instance name can contain up to 353 lower-case - alphanumeric characters, hyphen, or period. If enableHelmOperator is true, - then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters - combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator namespace\",\"description\":\"The namespace to use for the configuration - operator. The namespace can contain up to 353 lower-case alphanumeric characters, - hyphen, or period. If enableHelmOperator is true, then operatorInstanceName - + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator scope\",\"description\":\"The permission scope for the operator. - Possible values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator type\",\"description\":\"The type of operator to install. Currently, - 'Flux' is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Operator parameters\",\"description\":\"Parameters to set on the Flux operator, - separated by spaces. For example, --git-readonly --git-path=namespaces,workloads. - \ Learn more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Repository Url\",\"description\":\"The URL for the source control repository. - Private repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Enable Helm\",\"description\":\"Indicate whether to enable Helm for this instance - of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart version for installing Flux Helm\",\"description\":\"The version - of the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"0.6.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Helm chart parameters for installing Flux Helm\",\"description\":\"Parameters - for the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"--git-readonly\",\"[parameters('operatorParams')]\",\"[concat('--git-readonly - ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(parameters('clusterResourceType'), - 'connectedclusters')]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(parameters('clusterResourceType'), - 'managedclusters')]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), - '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft + instructions on using this policy, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"The name of the operator associated with + this configuration. The instance name can contain up to 353 lower-case alphanumeric + characters, hyphen, or period. If enableHelmOperator is true, then operatorInstanceName + + operatorNamespace strings cannot exceed 47 characters combined.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"The namespace to use for the configuration operator. + The namespace can contain up to 353 lower-case alphanumeric characters, hyphen, + or period. If enableHelmOperator is true, then operatorInstanceName + operatorNamespace + strings cannot exceed 47 characters combined.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --git-path=namespaces,workloads. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Private + repo: git@github.com:Contoso/cluster-config\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 0.6.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d61c4d2-aef2-432b-87fc-7f96b019b7e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d61c4d2-aef2-432b-87fc-7f96b019b7e1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1538 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"},{\"properties\":{\"displayName\":\"Virtual @@ -20537,12 +28146,21 @@ interactions: a required tag and its value. Does not apply to resource groups.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Tags\"},\"parameters\":{\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"not\":{\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Key - vault should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting + parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e30110a-5ceb-460c-a204-c1c3969c6d62\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Synapse + workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Target sub resource the private endpoint + connects to\"},\"allowedValues\":[\"Dev\",\"Sql\",\"SqlOnDemand\"],\"defaultValue\":\"Dev\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('targetSubResource')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"synapse-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\"},{\"properties\":{\"displayName\":\"Key + vaults should have soft delete enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault - can lead to permanent data loss. Soft delete allows you to recover an accidently - deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Key + can lead to permanent data loss. Soft delete allows you to recover an accidentally + deleted key vault for a configurable retention period.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"exists\":\"false\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\"},{\"properties\":{\"displayName\":\"Azure API for FHIR should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure @@ -20556,7 +28174,14 @@ interactions: to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/administrators\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be encrypted with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Create + Azure Monitor logs cluster with customer-managed keys encryption. By default, + the log data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance. Customer-managed + key in Azure Monitor gives you more control over the access to you data, see + https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVaultUri\",\"exists\":\"false\"}]},{\"anyOf\":[{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"equals\":\"\"},{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyName\",\"exists\":\"false\"}]},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/keyVaultProperties.keyVersion\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f68a601-6e6d-4e42-babf-3f643a047ea2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f68a601-6e6d-4e42-babf-3f643a047ea2\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is @@ -20604,13 +28229,32 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f8c20ce-3414-4496-8b26-0e902a1541da\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB account should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - customer-managed keys to control the encryption at rest of the data stored - in Azure Cosmos DB when this is a regulatory or compliance requirement. Customer-managed - keys also deliver double encryption by adding a second layer of encryption - on top of the default one done with service-managed keys. See https://aka.ms/cosmosdb-cmk\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos + Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Cosmos + DB. By default, the data is encrypted at rest with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/cosmosdb-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Microsoft + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/keyVaultKeyUri\",\"exists\":false},{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1f905d99-2ab7-462c-a6b0-f709acca6c8f\"},{\"properties\":{\"displayName\":\"Logic + Apps Integration Service Environment should be encrypted with customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + into Integration Service Environment to manage encryption at rest of Logic + Apps data using customer-managed keys. By default, customer data is encrypted + with service-managed keys, but customer-managed keys are commonly required + to meet regulatory compliance standards. Customer-managed keys enable the + data to be encrypted with an Azure Key Vault key created and owned by you. + You have full control and responsibility for the key lifecycle, including + rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/integrationServiceEnvironments\"},{\"field\":\"Microsoft.Logic/integrationServiceEnvironments/encryptionConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption at host to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling + encryption at host helps protect and safeguard your data to meet your organizational + security and compliance commitments. When you enable encryption at host, data + stored on the VM host is encrypted at rest and flows encrypted to the Storage + service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.encryptionAtHost\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2006457a-48b3-4f7b-8d2e-1532287f9929\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20627,13 +28271,30 @@ interactions: Image Builder templates should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit VM Image Builder templates that do not have a virtual network configured. When a virtual network is not configured, a public IP is created and used - instead which may expose resources directly to the internet and increase the + instead which may directly expose resources to the internet and increase the potential attack surface.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"VM Image Builder\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.VirtualMachineImages/imageTemplates\"},{\"field\":\"Microsoft.VirtualMachineImages/imageTemplates/vmProfile.vnetConfig\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2154edb9-244f-4741-9970-660785bccdaa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21839937-d241-4fa5-95c6-b669253d9ab9\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Azure File Sync\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public endpoint allows you to restrict access to your Storage Sync Service + resource to requests destined to approved private endpoints on your organization's + network. There is nothing inherently insecure about allowing requests to the + public endpoint, however, you may wish to disable it to meet regulatory, legal, + or organizational policy requirements. You can disable the public endpoint + for a Storage Sync Service by setting the incomingTrafficPolicy of the resource + to AllowVirtualNetworksOnly.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},{\"field\":\"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\"notEquals\":\"AllowVirtualNetworksOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a8cd35-125e-4d13-b82d-2e19b7208bb7\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21a9766a-82a5-4747-abb5-650b6dbba6d0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21a9766a-82a5-4747-abb5-650b6dbba6d0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"21de687c-f15e-4e51-bf8d-f35c8619965b\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20673,9 +28334,9 @@ interactions: ports should be closed on your virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to - gain admin access to the machine.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + gain admin access to the machine.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bc303248-3d14-44c2-96a0-55f5c326b5fe\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22730e10-96f6-4aac-ad84-9383d35b5917\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1493 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"},{\"properties\":{\"displayName\":\"Only @@ -20730,7 +28391,13 @@ interactions: workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Automation account so that it isn't accessible + over the public internet. This configuration helps protect them against data + leakage risks. You can limit exposure of the your Automation account resources + by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Automation\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"value\":false}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1268 - Alternate Storage Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"23f6e984-3053-4dfc-ab48-543b764781f5\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20780,9 +28447,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"},{\"properties\":{\"displayName\":\"Endpoint protection solution should be installed on virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the existence and health of an endpoint protection solution on your virtual - machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + machines scale sets, to protect them from threats and vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e71020c2-860c-3235-cd39-04f3f8c936d2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26a828e1-e88f-464e-bbb3-c134a282b9de\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26d292cc-b0b8-4c29-9337-68abc758bf7b\"},{\"properties\":{\"displayName\":\"Metric @@ -20793,23 +28460,31 @@ interactions: name\",\"description\":\"The metric name that an alert rule must be enabled on\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/alertRules\",\"existenceScope\":\"Subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/alertRules/isEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\"equals\":\"[parameters('metricName')]\"},{\"field\":\"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\"equals\":\"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', - field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Enable - Automanage - Azure virtual machine best practices\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Automanage - enrolls, configures, and monitors virtual machines with Azure VM best practice - services. Use this policy to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage - account\",\"description\":\"Select Automanage account from dropdown list. - If this account is outside of the scope of the assignment you must manually - grant 'Contributor' permissions (or similar) on the account to the policy - assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + field('name'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"},{\"properties\":{\"displayName\":\"Configure + virtual machines to be onboarded to Azure Automanage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Automanage enrolls, configures, and monitors virtual machines with best practice + as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy + to apply Automanage to your selected scope.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Automanage\"},\"parameters\":{\"automanageAccount\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automanage + account\",\"description\":\"The Automanage account is an Azure managed identity + under which virtual machine operations are performed. If this account is outside + of the scope of the assignment you must manually grant 'Contributor' permissions + (or similar) on the account to the policy assignment's principal ID.\",\"strongType\":\"Microsoft.Automanage/accounts\",\"assignPermissions\":true}},\"configurationProfileAssignment\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration profile\",\"description\":\"The management services provided are based on whether the machine is intended to be used in a dev/test environment or production.\"},\"allowedValues\":[\"Azure virtual machine best practices \u2013 Production\",\"Azure virtual machine best practices \u2013 Dev/test\"],\"defaultValue\":\"Azure virtual machine - best practices \u2013 Production\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"westus2\",\"westcentralus\",\"westeurope\",\"canadacentral\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), + best practices \u2013 Production\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"location\",\"in\":[\"eastus\",\"eastus2\",\"westus\",\"westus2\",\"centralus\",\"southcentralus\",\"westcentralus\",\"northeurope\",\"westeurope\",\"canadacentral\",\"japaneast\",\"uksouth\",\"australiaeast\",\"australiasoutheast\"]},{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\",\"rhel-raw\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"8*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"15*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Automanage/configurationProfileAssignments\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/configurationProfile\",\"equals\":\"[parameters('configurationProfileAssignment')]\"},{\"field\":\"Microsoft.Automanage/configurationProfileAssignments/accountId\",\"equals\":\"[parameters('automanageAccount')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"machineName\":{\"value\":\"[field('Name')]\"},\"automanageAccount\":{\"value\":\"[parameters('automanageAccount')]\"},\"configurationProfileAssignment\":{\"value\":\"[parameters('configurationProfileAssignment')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"machineName\":{\"type\":\"String\"},\"automanageAccount\":{\"type\":\"string\"},\"configurationProfileAssignment\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments\",\"apiVersion\":\"2020-06-30-preview\",\"name\":\"[concat(parameters('machineName'), '/Microsoft.Automanage/', 'default')]\",\"properties\":{\"configurationProfile\":\"[parameters('configurationProfileAssignment')]\",\"accountId\":\"[parameters('automanageAccount')]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/270610db-8c04-438a-a739-e8e6745b22d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"270610db-8c04-438a-a739-e8e6745b22d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1396 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"},{\"properties\":{\"displayName\":\"Flow + logs should be enabled for every network security group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + for flow log resources to verify if flow log status is enabled. Enabling flow + logs allows to log information about IP traffic flowing through network security + group. It can be used for optimizing network flows, monitoring throughput, + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkWatchers/flowLogs\"},{\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27960feb-a23c-4577-8d36-ef8b5f35e0be\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"27a69937-af92-4198-9b86-08d355c7e59a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -20833,7 +28508,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"283a4e29-69d5-4c94-b99e-29acf003c899\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1436 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28aab8b4-74fd-4b7c-9080-5a7be525d574\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property shuts down public connectivity such that + Azure SQL Server can only be accessed from a private endpoint. This configuration + disables the public network access for all databases under the Azure SQL Server.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Sql/servers/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -20851,7 +28531,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"AppServices\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2913021d-f2fd-4f3d-b958-22354e2bdbcb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"292a7c44-37fa-4c68-af7c-9d836955ded2\"},{\"properties\":{\"displayName\":\"Service + Bus Premium namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Service Bus supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Service Bus will use to encrypt data in your namespace. Note that Service + Bus only supports encryption with customer-managed keys for premium namespaces.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"},{\"not\":{\"field\":\"Microsoft.ServiceBus/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"295fc8b1-dc9f-4f53-9c61-3f313ceab40a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -20872,8 +28560,8 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"},{\"properties\":{\"displayName\":\"Storage accounts should restrict network access using virtual network rules\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Protect your storage accounts from potential threats using virtual network rules as - a preferred method to IP-based filtering. Disallowing IP-based filtering prevents - public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + a preferred method instead of IP-based filtering. Disabling IP-based filtering + prevents public IPs from accessing your storage accounts.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"},{\"count\":{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]\"},\"greaterOrEquals\":1}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -20904,14 +28592,22 @@ interactions: ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2a7a701e-dff3-4da9-9ec5-42cb98594c0b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1274 - Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2aee175f-cd16-4825-939a-a85349d96210\"},{\"properties\":{\"displayName\":\"Synapse + workspace auditing settings should have action groups configured to capture + critical activities\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure your audit logs are as thorough as possible, the AuditActionsAndGroups + property should include all the relevant groups. We recommend adding at least + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, + and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with + regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"FAILED_DATABASE_AUTHENTICATION_GROUP\"}},{\"not\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]\",\"notEquals\":\"BATCH_COMPLETED_GROUP\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b18f286-371e-4b80-9887-04759970c0d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b18f286-371e-4b80-9887-04759970c0d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b909c26-162f-47ce-8e15-0c1f55632eac\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2b9ad585-36bc-4615-b300-fd4435808332\"},{\"properties\":{\"displayName\":\"Cognitive Services accounts should enable data encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using data encryption. For each Cognitive Services account with storage, should enable data encryption @@ -20982,7 +28678,21 @@ interactions: auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Managed + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"PasswordPolicy_msid110\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d67222d-05fd-4526-a171-2ee132ad9e83\"},{\"properties\":{\"displayName\":\"Public + network access on Azure IoT Hub should be disabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + the public network access property improves security by ensuring your Azure + IoT Hub can only be accessed from a private endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"field\":\"Microsoft.Devices/IotHubs/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d6830fb-07eb-48e7-8c4d-2a442b35f0fb\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure IoT Hub should use customer-managed key to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encryption + of data at rest in IoT Hub with customer-managed key adds a second layer of + encryption on top of the default service-managed keys, enables customer control + of keys, custom rotation policies, and ability to manage access to data through + key access control. Customer-managed keys must be configured during creation + of IoT Hub. For more information on how to configure customer-managed keys, + see https://aka.ms/iotcmk.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},{\"count\":{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"lessOrEquals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"2d7e144b-159c-44fc-95c1-ac3dbf5e6e54\"},{\"properties\":{\"displayName\":\"Managed workspace virtual network on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling a managed workspace virtual network ensures that your workspace is network isolated from other workspaces. Data integration and Spark resources deployed @@ -21045,7 +28755,13 @@ interactions: Defender for Storage provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"StorageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"308fbb08-4ab8-4e67-9b29-592e93fb94fa\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cache for Redis resource so that it's + not accessible over the public internet. This helps protect the cache against + data leakage risks.\",\"metadata\":{\"category\":\"Cache\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17\"],\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-06-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/30b3dfa5-a70d-4c8e-bed6-0083858f663d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"30b3dfa5-a70d-4c8e-bed6-0083858f663d\"},{\"properties\":{\"displayName\":\"Audit Windows machines missing any of specified members in the Administrators group\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators @@ -21083,14 +28799,21 @@ interactions: Greater Risk\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"31b752c1-05a9-432a-8fce-c39b56550119\"},{\"properties\":{\"displayName\":\"[Preview]: - Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed. The list of OS images will be updated over time as - support is updated.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: - Optional: List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"Microsoft + Log Analytics Agent should be enabled for listed virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machines as non-compliant if the virtual machine image is not in the + list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Windows OS to + add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Optional: List of virtual machine images that have supported Linux OS to add + to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"not\":{\"anyOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32133ab0-ee4b-4b44-98d6-042180979d50\"},{\"properties\":{\"displayName\":\"API + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of an API app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/324c7761-08db-4474-9661-d1039abc92ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"324c7761-08db-4474-9661-d1039abc92ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1587 - External Information System Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"32820956-9c6d-4376-934c-05cd8525be7c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -21205,7 +28928,12 @@ interactions: '/AzurePolicyforLinux')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforLinux\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3470477a-b35a-49db-aca5-1073d04524fe\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1151 - System Interconnections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"},{\"properties\":{\"displayName\":\"Azure + Synapse workspaces should allow outbound data traffic only to approved targets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Increase + security of your Synapse workspace by allowing outbound data traffic only + to approved targets. This helps prevention against data exfiltration by validating + the target before sending data.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"field\":\"Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.preventDataExfiltration\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3484ce98-c0c5-4c83-994b-c5ac24785218\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3492d949-0dbb-4589-88b3-7b59601cc764\"},{\"properties\":{\"displayName\":\"Microsoft @@ -21218,22 +28946,22 @@ interactions: accounts should restrict network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To - allow connections from specific internet or on-premise clients, access can + allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet - IP address ranges\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + IP address ranges\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34c877ad-507e-4c82-993e-3452a6e0ad3c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"},{\"properties\":{\"displayName\":\"Resource logs in Logic Apps should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Logic + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Logic Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"34f95f76-5386-4de7-b824-0d8478470c9d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1210 - Configuration Settings\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3502c968-c490-4570-8167-1476f955e9b8\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -21452,7 +29180,7 @@ interactions: implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36b0ef30-366f-4b1b-8652-a3511df11f53\"},{\"properties\":{\"displayName\":\"Deploy Threat Detection on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This - policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), + policy ensures that Threat Detection is enabled on SQL Servers.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/securityAlertPolicies.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"name\":\"[concat(parameters('serverName'), '/Default')]\",\"type\":\"Microsoft.Sql/servers/securityAlertPolicies\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"emailAccountAdmins\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This @@ -21512,7 +29240,24 @@ interactions: servers;ExpectedValue\",\"value\":\"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36e17963-7202-494a-80c3-f508211c826b\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid topics to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/topics/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36ea4b4b-0f7f-4a54-89fa-ab18f555a172\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/domains/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"domain\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36f4658a-848a-467b-881c-e6fa20cf75fc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36f4658a-848a-467b-881c-e6fa20cf75fc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -21544,15 +29289,15 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.Storage/StorageAccounts\"]},{\"value\":\"[field('type')]\",\"equals\":\"Microsoft.ClassicStorage/storageAccounts\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"382016f3-d4ba-4e15-9716-55077ec4dc2a\"},{\"properties\":{\"displayName\":\"Resource logs in IoT Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Internet + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Internet of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"}},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"},{\"properties\":{\"displayName\":\"Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Windows Guest Configuration extension to Windows virtual @@ -21643,7 +29388,16 @@ interactions: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3abeb944-26af-43ee-b83d-32aaf060fb94\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1548 - Vulnerability Scanning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"},{\"properties\":{\"displayName\":\"Configure + Azure Synapse workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Azure + Synapse workspaces, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-with-private-links.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Dev\"],\"requestMessage\":\"Auto + approved by policy assignment\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b3b0c27-08d2-4b32-879d-19930bee3266\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b3b0c27-08d2-4b32-879d-19930bee3266\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"},{\"properties\":{\"displayName\":\"Microsoft @@ -21655,14 +29409,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"operationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operation Name\",\"description\":\"Security Operation name for which activity log alert should exist\"},\"allowedValues\":[\"Microsoft.Security/policies/write\",\"Microsoft.Security/securitySolutions/write\",\"Microsoft.Security/securitySolutions/delete\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/ActivityLogAlerts\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/enabled\",\"equals\":\"true\"},{\"count\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"Security\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"},{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\"equals\":\"[parameters('operationName')]\"}]}]}},\"equals\":2},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"category\"}},{\"not\":{\"field\":\"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\"equals\":\"operationName\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3b980d31-7904-4bb7-8575-5665739a8052\"},{\"properties\":{\"displayName\":\"Deploy - Dependency agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Dependency agent for Windows virtual machine scale sets if the VM Image (OS) - is in the list defined and the agent is not installed. The list of OS images - will be updated over time as support is updated. Note: if your scale set upgradePolicy - is set to Manual, you need to apply the extension to the all virtual machines - in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\"metadata\":{\"version\":\"1.3.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), + - Configure Dependency agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Dependency agent for Windows virtual machine scale sets if the virtual machine + image is in the list defined and the agent is not installed. If your scale + set upgradePolicy is set to Manual, you need to apply the extension to all + the virtual machines in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"DependencyAgentWindows\",\"vmExtensionPublisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"vmExtensionType\":\"DependencyAgentWindows\",\"vmExtensionTypeHandlerVersion\":\"9.7\"},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"apiVersion\":\"2018-06-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"},{\"properties\":{\"displayName\":\"PostgreSQL server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual @@ -21671,28 +29426,28 @@ interactions: Azure boundary. This policy provides a way to audit if the Azure Database for PostgreSQL has virtual network service endpoint being used.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c14b034-bcb6-4905-94e7-5b8e98a47b65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c14b034-bcb6-4905-94e7-5b8e98a47b65\"},{\"properties\":{\"displayName\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy - Log Analytics agent for Windows virtual machine scale sets if the VM Image - (OS) is in the list defined and the agent is not installed. The list of OS - images will be updated over time as support is updated. Note: if your scale - set upgradePolicy is set to Manual, you need to apply the extension to the - all VMs in the set by calling upgrade on them. In CLI this would be az vmss - update-instances.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log - Analytics workspace\",\"description\":\"Select Log Analytics workspace from - dropdown list. If this workspace is outside of the scope of the assignment - you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), + - Configure Log Analytics agent to be enabled on Windows virtual machine scale + sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Log Analytics agent for Windows virtual machine scale sets if the virtual + machine image is in the list defined and the agent is not installed. If your + scale set upgradePolicy is set to Manual, you need to apply the extension + to all the virtual machine in the set by updating them.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Log Analytics workspace is used to + receive performance data. If this workspace is outside of the scope of the + assignment you must manually grant 'Log Analytics Contributor' permissions + (or similar) to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"listOfImageIdToInclude\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude')]\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"MicrosoftMonitoringAgent\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{\"vmExtensionName\":\"MicrosoftMonitoringAgent\",\"vmExtensionPublisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"vmExtensionType\":\"MicrosoftMonitoringAgent\",\"vmExtensionTypeHandlerVersion\":\"1.0\"},\"resources\":[{\"name\":\"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2018-06-01\",\"properties\":{\"publisher\":\"[variables('vmExtensionPublisher')]\",\"type\":\"[variables('vmExtensionType')]\",\"typeHandlerVersion\":\"[variables('vmExtensionTypeHandlerVersion')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\"stopOnMultipleConnections\":\"true\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c1b3629-c8f8-4bf6-862c-037cb9094038\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit the OS vulnerabilities on your virtual machine scale sets to protect them - from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + from attacks.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"8941d121-f740-35f6-952c-6561d2b38d36\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1621 - Resource Availability\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3cb9f731-744a-4691-a481-ca77b0411538\"},{\"properties\":{\"displayName\":\"Microsoft @@ -21755,7 +29510,13 @@ interactions: to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\",\"16.04-LTS\",\"16.04.0-LTS\",\"14.04.2-LTS\",\"12.04.5-LTS\"]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"OmsAgentForLinux\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('vmName'),'/omsPolicy')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"apiVersion\":\"2017-12-01\",\"properties\":{\"publisher\":\"Microsoft.EnterpriseCloud.Monitoring\",\"type\":\"OmsAgentForLinux\",\"typeHandlerVersion\":\"1.4\",\"autoUpgradeMinorVersion\":true,\"settings\":{\"workspaceId\":\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"},\"protectedSettings\":{\"workspaceKey\":\"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled - monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"Microsoft + monitoring for Linux VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"},{\"properties\":{\"displayName\":\"App + Configuration should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3d9f5e4c-9947-4579-9539-2a7695fbc187\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1385 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3e495e65-8663-49ca-9b38-9f45e800bc58\"},{\"properties\":{\"displayName\":\"Audit @@ -21884,13 +29645,15 @@ interactions: Managed Control 1202 - Access Restrictions For Change\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Machine + Machine Learning workspaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Azure Machine Learning + workspaces instead of the entire service, you'll also be protected against + data leakage risks. Learn more at: https://aka.ms/azureml-workspaces-privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"count\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/40cec1dd-a100-4920-b15b-3024fe8901ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"40cec1dd-a100-4920-b15b-3024fe8901ab\"},{\"properties\":{\"displayName\":\"Inherit a tag from the subscription if missing\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Adds the specified tag with its value from the containing subscription when any resource missing this tag is created or updated. Existing resources can be @@ -21916,7 +29679,15 @@ interactions: Monitor should collect activity logs from all regions\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"allOf\":[{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiacentral2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"australiasoutheast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"brazilsouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"canadaeast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"centralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"eastus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"francesouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japaneast\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"japanwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreacentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"koreasouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"northeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricanorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southafricawest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"southeastasia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaecentral\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uaenorth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"uksouth\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"ukwest\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westcentralus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westeurope\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westindia\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"westus2\"}},{\"not\":{\"field\":\"Microsoft.Insights/logProfiles/locations[*]\",\"notEquals\":\"global\"}}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"},{\"properties\":{\"displayName\":\"Temp + disks and cache for agent node pools in Azure Kubernetes Service clusters + should be encrypted at host\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + enhance data security, the data stored on the virtual machine (VM) host of + your Azure Kubernetes Service nodes VMs should be encrypted at rest. This + is a common requirement in many regulatory and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"count\":{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"\"},{\"field\":\"Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost\",\"equals\":\"false\"}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41425d9f-d1a5-499a-9932-f8ed8453932c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1263 - Contingency Plan Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"41472613-3b05-49f6-8fe8-525af113ce17\"},{\"properties\":{\"displayName\":\"Microsoft @@ -21944,14 +29715,14 @@ interactions: Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"426c4ac9-ff17-49d0-acd7-a13c157081c0\"},{\"properties\":{\"displayName\":\"Resource logs in Batch accounts should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"428256e6-1fac-4f48-a757-df34c2b3336d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -22076,7 +29847,13 @@ interactions: Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"463e5220-3f79-4e24-a63f-343e4096cd22\"},{\"properties\":{\"displayName\":\"Azure + SignalR Service should use a Private Link enabled SKU\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination which protect your resources + against public data leakage risks. The policy limits you to Private Link enabled + SKUs for Azure SignalR Service. Learn more about private link at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"field\":\"Microsoft.SignalRService/SignalR/sku.tier\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/464a1620-21b5-448d-8ce6-d4ac6d1bc49a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"464a1620-21b5-448d-8ce6-d4ac6d1bc49a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require SQL Server version 12.0\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version @@ -22100,11 +29877,26 @@ interactions: Services accounts should use customer owned storage\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Cognitive Services account not using customer owned storage.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/userOwnedStorage[*]\"},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46aa9b05-0e60-4eae-a88b-1e9d374fa515\"},{\"properties\":{\"displayName\":\"[Preview]: + IoT Hub device provisioning service data should be encrypted using customer-managed + keys (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your IoT Hub device + provisioning service. The data is automatically encrypted at rest with service-managed + keys, but customer-managed keys (CMK) are commonly required to meet regulatory + compliance standards. CMKs enable the data to be encrypted with an Azure Key + Vault key created and owned by you. Learn more about CMK encryption at https://aka.ms/dps/CMK.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Internet + of Things\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"exists\":\"true\"},{\"field\":\"Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier\",\"notequals\":\"\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47031206-ce96-41f8-861b-6a915f3de284\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Storage + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4708723f-e099-4af1-bbf9-b6df7642e444\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the Azure Cache for + Redis isn't exposed on the public internet. You can limit exposure of your + Azure Cache for Redis by creating private endpoints instead. Learn more at: + https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/Redis\"},{\"field\":\"Microsoft.Cache/Redis/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"470baccb-7e51-4549-8b1a-3e5be069f663\"},{\"properties\":{\"displayName\":\"Storage accounts should have infrastructure encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted @@ -22130,9 +29922,16 @@ interactions: on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the - applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + applications running on each machine and suggest the list of known-safe applications.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"35f45c95-27cf-4e52-891f-8390d1de5828\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\"},{\"properties\":{\"displayName\":\"Configure + Cognitive Services accounts to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Cognitive Services resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at: https://go.microsoft.com/fwlink/?linkid=2129800.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Disabled\",\"Modify\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2017-04-18')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.CognitiveServices/accounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -22274,13 +30073,15 @@ interactions: Managed Control 1094 - Role-Based Security Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b1853e0-8973-446b-b567-09d901d31a09\"},{\"properties\":{\"displayName\":\"Azure - Event Grid topics should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid topics that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid topics should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid topic instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"},{\"count\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4b90e17e-8448-49db-875e-bd83fb6f804f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4c090801-59bc-4454-bb33-e0455133486a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22305,7 +30106,14 @@ interactions: Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"MaximumPasswordAge\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MaximumPasswordAge\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ceb8dc2-559c-478b-a15b-733fbf1e3738\"},{\"properties\":{\"displayName\":\"Function + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a function app should be located on an Azure file share. + The storage account information for the file share must be provided before + any publishing activity. To learn more about using Azure Files for hosting + app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4d0bc837-6eff-477e-9ecd-33bf8d4212a5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4d0bc837-6eff-477e-9ecd-33bf8d4212a5\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -22405,15 +30213,35 @@ interactions: Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ebd97f7-b105-4f50-8daf-c51465991240\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints that connect to Batch + accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + DNS records allow private connections to private endpoints. Private endpoint + connections allow secure communication by enabling private connectivity to + Batch accounts without a need for public IP addresses at the source or destination. + For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + private DNS zone to deploy in a new private DNS zone group and link to the + private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"batchAccount\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"batchAccount-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec38ebc-381f-45ee-81a4-acbc4be878f8\"},{\"properties\":{\"displayName\":\"Azure + data factories should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Data + Factory. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/adf-cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Data + Factory\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"field\":\"Microsoft.DataFactory/factories/encryption.vaultBaseUrl\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ec52d6d-beb7-40c4-9a9e-fe753254690e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1139 - Audit Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4ed62522-de00-4dda-9810-5205733d2f34\"},{\"properties\":{\"displayName\":\"A maximum of 3 owners should be designated for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"It is recommended to designate up to 3 subscription owners in order to reduce - the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + the potential for breach by a compromised owner.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"6f90a6d6-d4d6-0794-0ec1-98fa77878c2e\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f11b553-d42e-4e3a-89be-32ca364cad4c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f26049b-2c5a-4841-9ff3-d48a26aae475\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22438,7 +30266,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"4f9dc7db-30c1-420c-b61a-e1d640128d26\"},{\"properties\":{\"displayName\":\"[Preview]: Storage account public access should be disallowed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Anonymous public read access to containers and blobs in Azure Storage is a convenient - way to share data, but might present security risks. To prevent data breaches + way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.\",\"metadata\":{\"version\":\"2.0.1-preview\",\"category\":\"Storage\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"The effect determines what happens when the policy @@ -22449,16 +30277,53 @@ interactions: is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this - tool for you.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + tool for you.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"550e890b-e652-4d22-8274-60b3bdb24c63\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"ffff0522-1e88-47fc-8382-2a80ba848f5d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1485 - Delivery And Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50301354-95d0-4a11-8af5-8039ecf6d38b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"506814fa-b930-4b10-894e-a45b98c40e1a\"},{\"properties\":{\"displayName\":\"Deploy + Workflow Automation for Azure Security Center regulatory compliance\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable + automation of Azure Security Center regulatory compliance. This policy deploys + a workflow automation with your conditions and triggers on the assigned scope. + To deploy this policy on newly created subscriptions, open the Compliance + tab, select the relevant non-compliant assignment and create a remediation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\",\"preview + \":true},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name\",\"description\":\"The resource group name where the workflow + automation is created. If you enter a name for a resource group that doesn't + exist, it'll be created in the subscription.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group location\",\"description\":\"The location where the resource group and + the workflow automation are created.\",\"strongType\":\"location\"}},\"regulatoryComplianceStandards\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + standards names\",\"description\":\"For all compliance standards, leave it + empty. For specific compliance standards, enter a list of standards names + separated by semicolons (';'). Compliance standards names are available through + the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"regulatoryComplianceControlStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Compliance + control states\",\"description\":\"Determines compliance control states.\"},\"allowedValues\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"],\"defaultValue\":[\"Failed\",\"Passed\",\"Skipped\",\"Unsupported\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + app trigger\",\"description\":\"The trigger connector of the logic app that + is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an + Azure Security Center regulatory compliance assessment is created or triggered'.\"},\"allowedValues\":[\"Manual + (Incoming HTTP request)\",\"When an Azure Security Center regulatory compliance + assessment is created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets\",\"exists\":false},{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"equals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"less\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceControlStates')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\",\"name\":\"regulatoryComplianceControlState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.state\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceControlState')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceControlStates'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"equals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[parameters('regulatoryComplianceStandards')]\"},{\"count\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\",\"name\":\"regulatoryComplianceStandard\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"id\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('regulatoryComplianceStandard')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('regulatoryComplianceStandards'))]\"}]},{\"allOf\":[{\"value\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"notEquals\":0},{\"value\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"notEquals\":4},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('regulatoryComplianceStandards'),parameters('regulatoryComplianceControlStates'))]\"},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\"},\"equals\":\"[mul(2,mul(length(parameters('regulatoryComplianceStandards')),length(parameters('regulatoryComplianceControlStates'))))]\"}]}]}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"regulatoryComplianceStandards\":{\"type\":\"array\"},\"regulatoryComplianceControlStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + for subscription {0}\",\"regulatoryComplianceStandardsLength\":\"[length(parameters('regulatoryComplianceStandards'))]\",\"regulatoryComplianceControlStatesLength\":\"[length(parameters('regulatoryComplianceControlStates'))]\",\"regulatoryComplianceStandardsLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsLength'), + 0), 1, variables('regulatoryComplianceStandardsLength'))]\",\"regulatoryComplianceControlStatesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceControlStatesLength'), + 0), 1, variables('regulatoryComplianceControlStatesLength'))]\",\"stateMap\":{\"Failed\":\"failed\",\"Passed\":\"passed\",\"Skipped\":\"skipped\",\"Unsupported\":\"unsupported\"},\"triggerMap\":{\"Manual + (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center regulatory + compliance assessment is created or triggered\":\"When_a_Security_Center_Regulatory_Compliance_Assessment_is_created_or_triggered\"},\"doesAllStatesSelected\":\"[if(equals(length(parameters('regulatoryComplianceControlStates')),length(variables('stateMap'))),bool('true'),bool('false'))]\",\"doesAllStandardsSelected\":\"[if(equals(variables('regulatoryComplianceStandardsLength'),0),bool('true'),bool('false'))]\",\"allRegulatoryComplianceRuleSets\":[],\"customStandardsOrCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsOrCustomStateRuleSetsArr\",\"count\":\"[if(not(variables('doesAllStandardsSelected')),variables('regulatoryComplianceStandardsLength'),if(not(variables('doesAllStatesSelected')),variables('regulatoryComplianceControlStatesLength'),1))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(not(variables('doesAllStandardsSelected')),'id',if(not(variables('doesAllStatesSelected')),'properties.state',json('null')))]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[copyIndex('customStandardsOrCustomStateRuleSetsArr')],json('null')))]\",\"operator\":\"[if(not(variables('doesAllStandardsSelected')),'Contains',if(not(variables('doesAllStatesSelected')),'Equals',json('null')))]\"}]}}]},\"customStandardsAndCustomStateRuleSets\":{\"copy\":[{\"name\":\"customStandardsAndCustomStateRuleSetsArr\",\"count\":\"[if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),mul(variables('regulatoryComplianceStandardsLength'),variables('regulatoryComplianceControlStatesLength')),1)]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStandardsSelected')),parameters('regulatoryComplianceStandards')[mod(div(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength')), variables('regulatoryComplianceStandardsLength'))],json('null'))]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.state\",\"propertyType\":\"string\",\"expectedValue\":\"[if(not(variables('doesAllStatesSelected')),parameters('regulatoryComplianceControlStates')[mod(copyIndex('customStandardsAndCustomStateRuleSetsArr'), + variables('regulatoryComplianceControlStatesLength'))],json('null'))]\",\"operator\":\"Equals\"}]}}]},\"sourceRuleSets\":\"[if(and(variables('doesAllStandardsSelected'),variables('doesAllStatesSelected')),variables('allRegulatoryComplianceRuleSets'),if(and(not(variables('doesAllStandardsSelected')),not(variables('doesAllStatesSelected'))),variables('customStandardsAndCustomStateRuleSets').customStandardsAndCustomStateRuleSetsArr,variables('customStandardsOrCustomStateRuleSets').customStandardsOrCustomStateRuleSetsArr))]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', + parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"[parameters('automationName')]\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Workflow + Automation for Azure Security Center recommendations via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":[{\"eventSource\":\"RegulatoryComplianceAssessment\",\"ruleSets\":\"[variables('sourceRuleSets')]\"}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"regulatoryComplianceStandards\":{\"value\":\"[parameters('regulatoryComplianceStandards')]\"},\"regulatoryComplianceControlStates\":{\"value\":\"[parameters('regulatoryComplianceControlStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/509122b9-ddd9-47ba-a5f1-d0dac20be63c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"509122b9-ddd9-47ba-a5f1-d0dac20be63c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1566 - System Development Life Cycle\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"},{\"properties\":{\"displayName\":\"A @@ -22479,7 +30344,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"50fc602d-d8e0-444b-a039-ad138ee5deb0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1386 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5120193e-91fd-4f9d-bc6d-194f94734065\"},{\"properties\":{\"displayName\":\"Bot + Service should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Bot Service automatically encrypts your resource to protect your data and + meet organizational security and compliance commitments. By default, Microsoft-managed + encryption keys are used. For greater flexibility in managing keys or controlling + access to your subscription, select customer-managed keys, also known as bring + your own key (BYOK). Learn more about Azure Bot Service encryption: https://docs.microsoft.com/azure/bot-service/bot-service-encryption.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/isCmekEnabled\",\"notEquals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"51522a96-0869-4791-82f3-981000c2c67f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"518cb545-bfa8-43f8-a108-3b7d5037469a\"},{\"properties\":{\"displayName\":\"Azure @@ -22487,7 +30360,13 @@ interactions: Defender for Kubernetes provides real-time threat protection for containerized environments and generates alerts for suspicious activities.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"KubernetesService\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"523b5cd1-3e23-492f-a539-13118b6d1e3a\"},{\"properties\":{\"displayName\":\"Synapse + workspaces should be configured with 90 days auditing retention or higher.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"For + incident investigation purposes, we recommend setting the data retention for + your Synapse workspace' audit to at least 90 days. Confirm that you're meeting + the necessary retention rules for the regions in which you're operating. This + is sometimes required for compliance with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"529ea018-6afc-4ed4-95bd-7c9ee47b00bc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1642 - Network Disconnect\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53397227-5ee3-4b23-9e5e-c8a767ce6928\"},{\"properties\":{\"displayName\":\"Connection @@ -22496,12 +30375,14 @@ interactions: throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"connection_throttling\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"},{\"properties\":{\"displayName\":\"Azure - SignalR Service should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure SignalR Service resources that do not have at least one approved private - endpoint connection. Clients in a virtual network can securely access resources - that have private endpoint connections through private links. For more information, - visit: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft + SignalR Service should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your SignalR resources + instead of the entire service, you'll also be protected against data leakage + risks .Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.SignalRService/SignalR/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53503636-bcc9-4748-9663-5348217f160f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53503636-bcc9-4748-9663-5348217f160f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1467 - Visitor Access Records\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22528,11 +30409,11 @@ interactions: Managed Control 1045 - Unsuccessful Logon Attempts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"},{\"properties\":{\"displayName\":\"[Preview]: - Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The - key vault firewall prevents unauthorized traffic from reaching your key vault + Firewall should be enabled on Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Key + vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the - key vault firewall to make sure that only traffic from allowed networks can - access your key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + firewall to make sure that only traffic from allowed networks can access your + key vault.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"field\":\"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\"notEquals\":\"Deny\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"55615ac9-af46-4a59-874e-391cc3dfb490\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1523 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -22542,10 +30423,24 @@ interactions: Capacity\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"562afd61-56be-4313-8fe4-b9564aa4ba7d\"},{\"properties\":{\"displayName\":\"Web - Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - Web Application Firewall (WAF) on any Application Gateway. A Web Application - Firewall provides greater security for your other Azure resources.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Microsoft + Application Firewall (WAF) should be enabled for Application Gateway\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + Azure Web Application Firewall (WAF) in front of public facing web applications + for additional inspection of incoming traffic. Web Application Firewall (WAF) + provides centralized protection of your web applications from common exploits + and vulnerabilities such as SQL injections, Cross-Site Scripting, local and + remote file executions. You can also restrict access to your web applications + by countries, IP address ranges, and other http(s) parameters via custom rules.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/applicationGateways\"},{\"field\":\"Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\"},{\"properties\":{\"displayName\":\"Azure + Automation accounts should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure Automation + Accounts. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/automation-cmk.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.Keyvault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56a5ee18-2ae6-4810-86f7-18e39ce5629b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -22562,18 +30457,21 @@ interactions: Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Audit - Windows web servers that are not using secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the registry key - HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols - includes protocols less secure than what is selected in the policy parameter.\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\"notEquals\":\"*\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"},{\"properties\":{\"displayName\":\"Windows + web servers should be configured to use secure communication protocols\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + protect the privacy of information communicated over the Internet, your web + servers should use the latest version of the industry-standard cryptographic + protocol, Transport Layer Security (TLS). TLS secures communications over + a network by using security certificates to encrypt a connection between machines. + TLS 1.3 is faster and more secure than the earlier versions: TLS 1.0-1.2 and + SSL 2-3, which are all considered legacy protocols.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AuditSecureProtocol\",\"version\":\"1.*\",\"configurationParameter\":{\"MinimumTLSVersion\":\"[SecureWebServer]s1;MinimumTLSVersion\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"MinimumTLSVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Minimum TLS version\",\"description\":\"The minimum TLS protocol version that should be enabled. Windows web servers with lower TLS versions will be marked as - non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', + non-compliant.\"},\"allowedValues\":[\"1.1\",\"1.2\"],\"defaultValue\":\"1.1\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AuditSecureProtocol\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5752e6d6-1206-46d8-8ab1-ecc2f71a8112\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1162 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -22595,7 +30493,15 @@ interactions: of critical processes.\"},\"allowedValues\":[\"No Auditing\",\"Success\",\"Failure\",\"Success and Failure\"],\"defaultValue\":\"No Auditing\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Audit - Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"Microsoft + Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58383b73-94a9-4414-b382-4146eb02611b\"},{\"properties\":{\"displayName\":\"CosmosDB + accounts should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your CosmosDB account, data + leakage risks are reduced. Learn more about private links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/58440f8a-10c5-4151-bdce-dfbaad4a20b7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"58440f8a-10c5-4151-bdce-dfbaad4a20b7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1584 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5864522b-ff1d-4979-a9f8-58bee1fb174c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22694,12 +30600,13 @@ interactions: Managed Control 1433 - Media Transport\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"},{\"properties\":{\"displayName\":\"Container - registries should be encrypted with a customer-managed key (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - or deny container registries that do not have encryption enabled with customer-managed - keys (CMK). Azure automatically encrypts registry contents at rest with service-managed - keys. You can supplement default encryption with an additional encryption - layer using a key that you create and manage in Azure Key Vault. For more - information on CMK encryption, please visit: https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.1\",\"category\":\"Container + registries should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your registries. By default, the data is encrypted at rest with service-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/acr/CMK.\",\"metadata\":{\"version\":\"1.1.2\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/encryption.status\",\"notEquals\":\"enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\"},{\"properties\":{\"displayName\":\"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client @@ -22745,16 +30652,16 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Audit - Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsNetworkSecurity\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c028d2a-1889-45f6-b821-31f42711ced8\"},{\"properties\":{\"displayName\":\"Log + Analytics agent should be enabled in virtual machine scale sets for listed + virtual machine images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.EnterpriseCloud.Monitoring\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1671 - Flaw Remediation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5bbef7-a316-415b-9b38-29753ce8e698\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22763,9 +30670,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"},{\"properties\":{\"displayName\":\"External accounts with write permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with write privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"04e7147b-0deb-9796-2e5c-0336343ceb3d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1483 - Water Damage Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -22833,27 +30740,67 @@ interactions: '2015-03-20').primarySharedKey]\"}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"},{\"properties\":{\"displayName\":\"[Preview]: Private endpoint should be configured for Key Vault\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - link provides a way to connect key vault to your Azure resources without sending + link provides a way to connect Key Vault to your Azure resources without sending traffic over the public internet. Private link provides defense in depth protection - against data exfiltration.\",\"metadata\":{\"version\":\"1.0.2-preview\",\"category\":\"Key + against data exfiltration.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Vulnerabilities + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.KeyVault/vaults/privateEndpointConnections[*]\"},\"equals\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0bc445-3935-4915-9981-011aa2b46147\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0bc445-3935-4915-9981-011aa2b46147\"},{\"properties\":{\"displayName\":\"Azure + Machine Learning workspaces should use user-assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manange + access to Azure ML workspace and associated resources, Azure Container Registry, + KeyVault, Storage, and App Insights using user-assigned managed identity. + By default, system-assigned managed identity is used by Azure ML workspace + to access the associated resources. User-assigned managed identity allows + you to create the identity as an Azure resource and maintain the life cycle + of that identity. Learn more at https://docs.microsoft.com/azure/machine-learning/how-to-use-managed-identities?tabs=python.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"exists\":false},{\"field\":\"Microsoft.MachineLearningServices/workspaces/primaryUserAssignedIdentity\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0c7d88-c7de-45b8-ac49-db49e72eaa78\"},{\"properties\":{\"displayName\":\"Vulnerabilities in Azure Container Registry images should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Container image vulnerability assessment scans your registry for security vulnerabilities on each pushed container image and exposes detailed findings for each image (powered by Qualys). Resolving the vulnerabilities can greatly improve your - containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + containers' security posture and protect them from attacks.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"equals\":\"Healthy\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"dbd0cb49-b563-45e7-9724-889e799fa648\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f0f936f-2f01-4bf5-b6be-d423792fa562\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f18c885-ade3-48c5-80b1-8f9216019c18\"},{\"properties\":{\"displayName\":\"External accounts with read permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with read privileges should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux machines to automatically install the Azure Security + agent\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux machines to automatically install the Azure Security agent. Security + Center collects events from the agent and uses them to provide security alerts + and tailored hardening tasks (recommendations). Create a resource group and + Log Analytics workspace in the same region as the machine to store audit records. + Target virtual machines must be in a supported location.\",\"metadata\":{\"category\":\"Security + Center\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureSecurityLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/Publisher\",\"equals\":\"Microsoft.Azure.Security.Monitoring\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"in\":[\"Succeeded\",\"Provisioning + succeeded\"]}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"location\":\"eastus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"resourceGroup\":{\"value\":\"[resourceGroup().name]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{\"pairedLocations\":{\"australiacentral\":\"australiacentral\",\"australiaeast\":\"australiaeast\",\"australiasoutheast\":\"australiasoutheast\",\"centralindia\":\"centralindia\",\"centralus\":\"centralus\",\"eastasia\":\"eastasia\",\"eastus2euap\":\"eastus2euap\",\"eastus\":\"eastus\",\"eastus2\":\"eastus2\",\"germanywestcentral\":\"germanywestcentral\",\"japaneast\":\"japaneast\",\"northcentralus\":\"northcentralus\",\"northeurope\":\"northeurope\",\"southcentralus\":\"southcentralus\",\"southeastasia\":\"southeastasia\",\"uksouth\":\"uksouth\",\"westcentralus\":\"westcentralus\",\"westeurope\":\"westeurope\",\"westus\":\"westus\",\"westus2\":\"westus2\"},\"locationLongNameToShortMap\":{\"australiacentral\":\"CAU\",\"australiaeast\":\"EAU\",\"australiasoutheast\":\"SEAU\",\"centralindia\":\"CIN\",\"centralus\":\"CUS\",\"eastasia\":\"EA\",\"eastus2euap\":\"eus2p\",\"eastus\":\"EUS\",\"eastus2\":\"EUS2\",\"germanywestcentral\":\"DEWC\",\"japaneast\":\"EJP\",\"northcentralus\":\"NCUS\",\"northeurope\":\"NEU\",\"southcentralus\":\"SCUS\",\"southeastasia\":\"SEA\",\"uksouth\":\"SUK\",\"westcentralus\":\"WCUS\",\"westeurope\":\"WEU\",\"westus\":\"WUS\",\"westus2\":\"WUS2\"},\"locationCode\":\"[variables('locationLongNameToShortMap')[variables('pairedLocations')[parameters('location')]]]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"defaultRGName\":\"[concat('DefaultResourceGroup-', + variables('locationCode'))]\",\"defaultRGLocation\":\"[variables('pairedLocations')[parameters('location')]]\",\"workspaceName\":\"[concat('defaultWorkspace-', + variables('subscriptionId'),'-', variables('locationCode'))]\",\"dcrName\":\"[concat('Microsoft-Security-', + variables('locationCode'), '-dcr')]\",\"dcrId\":\"[concat('/subscriptions/', + variables('subscriptionId'), '/resourceGroups/', variables('defaultRGName'), + '/providers/Microsoft.Insights/dataCollectionRules/', variables('dcrName'))]\",\"dcraName\":\"[concat(parameters('vmName'),'/Microsoft.Insights/Security-RulesAssociation')]\",\"deployAzureSecurityLinuxAgent\":\"[concat('deployAzureSecurityLinuxAgent-', + uniqueString(deployment().name))]\",\"deployDefaultAscResourceGroup\":\"[concat('deployDefaultAscResourceGroup-', + uniqueString(deployment().name))]\",\"deployDataCollectionRulesAssociation\":\"[concat('deployDataCollectionRulesAssociation-', + uniqueString(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployAzureSecurityLinuxAgent')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/', 'AzureSecurityLinuxAgent')]\",\"apiVersion\":\"2019-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Security.Monitoring\",\"type\":\"AzureSecurityLinuxAgent\",\"typeHandlerVersion\":\"2.0\",\"autoUpgradeMinorVersion\":\"true\",\"settings\":{},\"protectedsettings\":{}}}]}}},{\"type\":\"Microsoft.Resources/resourceGroups\",\"name\":\"[variables('defaultRGName')]\",\"apiVersion\":\"2019-05-01\",\"location\":\"[variables('defaultRGLocation')]\"},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDefaultAscResourceGroup')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[variables('defaultRGName')]\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"defaultRGLocation\":{\"value\":\"[variables('defaultRGLocation')]\"},\"workspaceName\":{\"value\":\"[variables('workspaceName')]\"},\"dcrName\":{\"value\":\"[variables('dcrName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"defaultRGLocation\":{\"type\":\"string\"},\"workspaceName\":{\"type\":\"string\"},\"dcrName\":{\"type\":\"string\"}},\"variables\":{\"securitySolution\":{\"Name\":\"[Concat('Security', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"Security\"},\"securityCenterFreeSolution\":{\"Name\":\"[Concat('SecurityCenterFree', + '(', parameters('workspaceName'), ')')]\",\"GalleryName\":\"SecurityCenterFree\"}},\"resources\":[{\"type\":\"Microsoft.OperationalInsights/workspaces\",\"name\":\"[parameters('workspaceName')]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"properties\":{\"sku\":{\"name\":\"pernode\"},\"retentionInDays\":30,\"features\":{\"searchVersion\":1}}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securitySolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securitySolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securitySolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.OperationsManagement/solutions\",\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"apiVersion\":\"2015-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\"},\"plan\":{\"name\":\"[variables('securityCenterFreeSolution').Name]\",\"publisher\":\"Microsoft\",\"product\":\"[Concat('OMSGallery/', + variables('securityCenterFreeSolution').GalleryName)]\",\"promotionCode\":\"\"}},{\"type\":\"Microsoft.Insights/dataCollectionRules\",\"name\":\"[parameters('dcrName')]\",\"apiVersion\":\"2019-11-01-preview\",\"location\":\"[parameters('defaultRGLocation')]\",\"dependsOn\":[\"[parameters('workspaceName')]\"],\"properties\":{\"description\":\"Data + collection rule for Azure Security Center. Deleting this rule will break the + detection of security vulnerabilities.\",\"dataSources\":{\"windowsEventLogs\":[{\"name\":\"RomeDetectionEventDataSource\",\"streams\":[\"Microsoft-RomeDetectionEvent\"],\"scheduledTransferPeriod\":\"PT5M\",\"xPathQueries\":[\"Security!*\",\"Microsoft-Windows-AppLocker/EXE + and DLL!*\"]}],\"syslog\":[{\"name\":\"SyslogDataSource\",\"streams\":[\"Microsoft-Syslog\"],\"facilityNames\":[\"kern\",\"auth\",\"authpriv\",\"cron\",\"user\",\"daemon\",\"syslog\",\"local0\"],\"logLevels\":[\"Debug\",\"Critical\",\"Emergency\"]}],\"extensions\":[{\"extensionName\":\"AzureSecurityLinuxAgent\",\"name\":\"AscLinuxDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"time\",\"frequency\":\"PT8H\"},{\"name\":\"antimalware\",\"frequency\":\"PT8H\"},{\"name\":\"codeintegrity\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Ubuntu\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Linux\"}]},{\"name\":\"docker\",\"frequency\":\"P1D\",\"options\":[{\"name\":\"Baseline\",\"value\":\"Azure.Docker.Linux\"},{\"name\":\"AscBaseline\",\"value\":\"OMS.Docker.Linux\"}]}]}},{\"extensionName\":\"AzureSecurityWindowsAgent\",\"name\":\"AsaWindowsDataSource\",\"streams\":[\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-ProcessInvestigator\",\"Microsoft-ProtectionStatus\",\"Microsoft-SecurityBaselineSummary\"],\"extensionSettings\":{\"scanners\":[{\"name\":\"heartbeat\",\"frequency\":\"PT1H\"},{\"name\":\"baseline\",\"frequency\":\"P1D\"},{\"name\":\"antimalware\",\"frequency\":\"P1D\"},{\"name\":\"processinvestigator\",\"frequency\":\"PT1H\"}]}}]},\"destinations\":{\"logAnalytics\":[{\"workspaceResourceId\":\"[resourceId('Microsoft.OperationalInsights/workspaces/', + parameters('workspaceName'))]\",\"name\":\"LogAnalyticsDest\"}]},\"dataFlows\":[{\"streams\":[\"Microsoft-Syslog\",\"Microsoft-OperationLog\",\"Microsoft-SecurityBaseline\",\"Microsoft-SecurityBaselineSummary\",\"Microsoft-RomeDetectionEvent\",\"Microsoft-ProcessInvestigator\",\"Microsoft-Auditd\",\"Microsoft-ProtectionStatus\",\"Microsoft-Heartbeat\"],\"destinations\":[\"LogAnalyticsDest\"]}]}}]}},\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups', + variables('defaultRGName'))]\"]},{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('deployDataCollectionRulesAssociation')]\",\"apiVersion\":\"2020-06-01\",\"resourceGroup\":\"[parameters('resourceGroup')]\",\"dependsOn\":[\"[variables('deployDefaultAscResourceGroup')]\"],\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"vmName\":{\"value\":\"[parameters('vmName')]\"},\"dcrId\":{\"value\":\"[variables('dcrId')]\"},\"dcraName\":{\"value\":\"[variables('dcraName')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"location\":{\"type\":\"string\"},\"vmName\":{\"type\":\"string\"},\"dcrId\":{\"type\":\"string\"},\"dcraName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\"name\":\"[parameters('dcraName')]\",\"apiVersion\":\"2019-11-01-preview\",\"properties\":{\"description\":\"Association + of data collection rule for Azure Security Center. Deleting this association + will break the detection of security vulnerabilities for this virtual machine.\",\"dataCollectionRuleId\":\"[parameters('dcrId')]\"}}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/5f8eb305-9c9f-4abe-9bb0-df220d9faba2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"5f8eb305-9c9f-4abe-9bb0-df220d9faba2\"},{\"properties\":{\"displayName\":\"[Deprecated]: Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits Windows virtual machines hosted in Azure that are supported @@ -22970,7 +30917,25 @@ interactions: toLower('microsoft.hybridcompute/machines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2018-11-20\",\"type\":\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\"name\":\"[concat(parameters('vmName'), - '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Service + '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"assignmentType\":\"DeployAndAutoCorrect\",\"configurationParameter\":[{\"name\":\"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\"value\":\"[parameters('TimeZone')]\"}]}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6141c932-9384-44c6-a395-59e4c057d7c9\"},{\"properties\":{\"displayName\":\"Configure + private endpoints for App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints let you connect your virtual network to Azure services without a + public IP address at the source or destination. By mapping private endpoints + to your app configuration instances, data leakage risks are reduced. Learn + more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"configurationStores\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/614ffa75-862c-456e-ad8b-eaa1b0844b07\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"614ffa75-862c-456e-ad8b-eaa1b0844b07\"},{\"properties\":{\"displayName\":\"Bot + Service endpoint should be a valid HTTPS URI\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission. Protocols exist that provide encryption + to address problems of misuse and tampering. To ensure your bots are communicating + only over encrypted channels, set the endpoint to a valid HTTPS URI. This + ensures the HTTPS protocol is used to encrypt your data in transit and is + also often a requirement for compliance with regulatory or industry standards. + Please visit: https://docs.microsoft.com/azure/bot-service/bot-builder-security-guidelines.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Bot + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.BotService/botServices\"},{\"field\":\"Microsoft.BotService/botServices/endpoint\",\"notLike\":\"https://*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6164527b-e1ee-4882-8673-572f425f5e0a\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the @@ -23014,7 +30979,15 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"WorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Connected workspace IDs\",\"description\":\"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"}}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', - '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Microsoft + '=', parameters('WorkspaceId')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6265018c-d7e2-432f-a75d-094d5f6f4465\"},{\"properties\":{\"displayName\":\"Modify + Azure SignalR Service resources to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + improve the security of Azure SignalR Service resource, ensure that it isn't + exposed to the public internet and can only be accessed from a private endpoint. + Disable the public network access property as described in https://aka.ms/asrs/networkacls. + This option disables access from any public address space outside the Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules. This reduces data leakage risks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.SignalRService/SignalR\"},{\"anyOf\":[{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"exists\":false},{\"count\":{\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow[*]\"},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"Audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.defaultAction\",\"value\":\"Deny\"},{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.SignalRService/SignalR/networkACLs.publicNetwork.allow\",\"value\":[]}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62a3ae95-8169-403e-a2d2-b82141448092\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62a3ae95-8169-403e-a2d2-b82141448092\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"62b638c5-29d7-404b-8d93-f21e4b1ce198\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23035,12 +31008,13 @@ interactions: if it can't establish a connection.\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsRemoteConnection\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', - '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Audit - Linux machines that are not using SSH key for authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if Non-compliant if - the machine allows passwords for authenticating through SSH\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('shouldConnect')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630ac30f-a234-4533-ac2d-e0df77acda51\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630ac30f-a234-4533-ac2d-e0df77acda51\"},{\"properties\":{\"displayName\":\"Authentication + to Linux machines should require SSH keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Although + SSH itself provides an encrypted connection, using passwords with SSH still + leaves the VM vulnerable to brute-force attacks. The most secure option for + authenticating to an Azure Linux virtual machine over SSH is with a public-private + key pair, also known as SSH keys. Learn more: https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed.\",\"metadata\":{\"category\":\"Guest + Configuration\",\"version\":\"2.0.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxNoPasswordForSSH\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxNoPasswordForSSH\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/630c64f9-8b6b-4c64-b511-6544ceff6fd6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"630c64f9-8b6b-4c64-b511-6544ceff6fd6\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23078,7 +31052,15 @@ interactions: Allowed to format and eject removable media;ExpectedValue\",\"value\":\"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Microsoft + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6481cc21-ed6e-4480-99dd-ea7c5222e897\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use customer-managed keys to encrypt data at rest\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Azure HDInsight + clusters. By default, customer data is encrypted with service-managed keys, + but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/hdi.cmk.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"field\":\"Microsoft.HDInsight/clusters/diskEncryptionProperties.keyName\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/64d314f6-6062-4780-a861-c23e8951bee5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"64d314f6-6062-4780-a861-c23e8951bee5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23119,12 +31101,14 @@ interactions: Managed Control 1319 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"66f7ae57-5560-4fc5-85c9-659f204e7a42\"},{\"properties\":{\"displayName\":\"Cognitive - Services accounts should enable data encryption with customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed - keys provide enhanced data protection by allowing you to manage your encryption - keys for data stored in Cognitive Services. This is often required to meet - compliance requirements.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cognitive + Services accounts should enable data encryption with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data stored in Cognitive Services to be encrypted with an + Azure Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more about + customer-managed keys at https://go.microsoft.com/fwlink/?linkid=2121321.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Cognitive Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The - effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"field\":\"Microsoft.CognitiveServices/accounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"},{\"count\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*]\",\"where\":{\"field\":\"Microsoft.CognitiveServices/accounts/capabilities[*].name\",\"equals\":\"CustomerManagedKey\"}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67121cc7-ff39-4ab8-b7e3-95b84dab487d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67de62b4-a737-4781-8861-3baed3c35069\"},{\"properties\":{\"displayName\":\"Windows @@ -23152,7 +31136,17 @@ interactions: insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), - ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"Microsoft + ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"67e010c1-640d-438e-a3a5-feaccb533a98\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked service resource type should be in allow list\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Define + the allow list of Azure Data Factory linked service types. Restricting allowed + resource types enables control over the boundary of data movement. For example, + restrict a scope to only allow blob storage with Data Lake Storage Gen1 and + Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time + queries.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"allowedLinkedServiceResourceTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed linked service resource types\",\"description\":\"The list of allowed + linked service resource types.\"},\"allowedValues\":[\"AdlsGen2CosmosStructuredStream\",\"AdobeExperiencePlatform\",\"AdobeIntegration\",\"AmazonRedshift\",\"AmazonS3\",\"AzureBlobFS\",\"AzureBlobStorage\",\"AzureDataExplorer\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureDataShare\",\"AzureFileStorage\",\"AzureKeyVault\",\"AzureMariaDB\",\"AzureMySql\",\"AzurePostgreSql\",\"AzureSearch\",\"AzureSqlDatabase\",\"AzureSqlDW\",\"AzureSqlMI\",\"AzureTableStorage\",\"Cassandra\",\"CommonDataServiceForApps\",\"CosmosDb\",\"CosmosDbMongoDbApi\",\"Db2\",\"DynamicsCrm\",\"FileServer\",\"FtpServer\",\"GitHub\",\"GoogleCloudStorage\",\"Hdfs\",\"Hive\",\"HttpServer\",\"Informix\",\"Kusto\",\"MicrosoftAccess\",\"MySql\",\"Netezza\",\"Odata\",\"Odbc\",\"Office365\",\"Oracle\",\"PostgreSql\",\"Salesforce\",\"SalesforceServiceCloud\",\"SapBw\",\"SapHana\",\"SapOpenHub\",\"SapTable\",\"Sftp\",\"SharePointOnlineList\",\"Snowflake\",\"SqlServer\",\"Sybase\",\"Teradata\",\"HDInsightOnDemand\",\"HDInsight\",\"AzureDataLakeAnalytics\",\"AzureBatch\",\"AzureFunction\",\"AzureML\",\"AzureMLService\",\"MongoDb\",\"GoogleBigQuery\",\"Impala\",\"ServiceNow\",\"Dynamics\",\"AzureDatabricks\",\"AmazonMWS\",\"SapCloudForCustomer\",\"SapEcc\",\"Web\",\"MongoDbAtlas\",\"HBase\",\"Spark\",\"Phoenix\",\"PayPal\",\"Marketo\",\"Responsys\",\"SalesforceMarketingCloud\",\"Presto\",\"Square\",\"Xero\",\"Jira\",\"Magento\",\"Shopify\",\"Concur\",\"Hubspot\",\"Zoho\",\"Eloqua\",\"QuickBooks\",\"Couchbase\",\"Drill\",\"Greenplum\",\"MariaDB\",\"Vertica\",\"MongoDbV2\",\"OracleServiceCloud\",\"GoogleAdWords\",\"RestService\",\"DynamicsAX\",\"AzureDataCatalog\",\"AzureDatabricksDeltaLake\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"notIn\":\"[parameters('allowedLinkedServiceResourceTypes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6809a3d0-d354-42fb-b955-783d207c62a8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -23271,9 +31265,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"},{\"properties\":{\"displayName\":\"Deprecated accounts should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are - accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"00c6d40b-e990-6acf-d4f3-471e747a27c4\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Service Bus to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when any Service Bus which is missing this diagnostic settings is created @@ -23294,16 +31288,51 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"OperationalLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1031 - Separation Of Duties\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Not - allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This - policy enables you to specify the resource types that your organization cannot - deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6b93a801-fe25-4574-a60d-cb22acffae00\"},{\"properties\":{\"displayName\":\"Vulnerabilities + on your SQL servers on machine should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + Vulnerability Assessment scans your database for security vulnerabilities, + and exposes any deviations from best practices such as misconfigurations, + excessive permissions, and unprotected sensitive data. Resolving the vulnerabilities + found can greatly improve your database security posture.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.HybridCompute/machines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"f97aa83c-9b63-4f9a-99f6-b22c4398f936\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6ba6d016-e7c3-4842-b8f2-4992ebc0d72d\"},{\"properties\":{\"displayName\":\"Not + allowed resource types\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Restrict + which resource types can be deployed in your environment. Limiting resource + types can reduce the complexity and attack surface of your environment while + also helping to manage costs. Compliance results are only shown for non-compliant + resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"General\"},\"parameters\":{\"listOfResourceTypesNotAllowed\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of resource types that cannot be deployed.\",\"displayName\":\"Not allowed - resource types\",\"strongType\":\"resourceTypes\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft + resource types\",\"strongType\":\"resourceTypes\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":\"[parameters('listOfResourceTypesNotAllowed')]\"},{\"value\":\"[field('type')]\",\"exists\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Kubernetes Service to stream resource logs + to a Log Analytics workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKubernetesDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Azure Kubernetes Service should be connected to\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AllMetrics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-apiserver\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-apiserver + - Enabled\",\"description\":\"Whether to stream kube-apiserver logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit + - Enabled\",\"description\":\"Whether to stream kube-audit logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-controller-manager\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-controller-manager + - Enabled\",\"description\":\"Whether to stream kube-controller-manager logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-scheduler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-scheduler + - Enabled\",\"description\":\"Whether to stream kube-scheduler logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"cluster-autoscaler\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"cluster-autoscaler + - Enabled\",\"description\":\"Whether to stream cluster-autoscaler logs to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"kube-audit-admin\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"kube-audit-admin + - Enabled\",\"description\":\"Whether to stream kube-audit-admin logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"guard\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"guard + - Enabled\",\"description\":\"Whether to stream guard logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AllMetrics\":{\"type\":\"string\"},\"kube-apiserver\":{\"type\":\"string\"},\"kube-audit\":{\"type\":\"string\"},\"kube-controller-manager\":{\"type\":\"string\"},\"kube-scheduler\":{\"type\":\"string\"},\"cluster-autoscaler\":{\"type\":\"string\"},\"kube-audit-admin\":{\"type\":\"string\"},\"guard\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.ContainerService/managedClusters/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetrics')]\"}],\"logs\":[{\"category\":\"kube-apiserver\",\"enabled\":\"[parameters('kube-apiserver')]\"},{\"category\":\"kube-audit\",\"enabled\":\"[parameters('kube-audit')]\"},{\"category\":\"kube-controller-manager\",\"enabled\":\"[parameters('kube-controller-manager')]\"},{\"category\":\"kube-scheduler\",\"enabled\":\"[parameters('kube-scheduler')]\"},{\"category\":\"cluster-autoscaler\",\"enabled\":\"[parameters('cluster-autoscaler')]\"},{\"category\":\"kube-audit-admin\",\"enabled\":\"[parameters('kube-audit-admin')]\"},{\"category\":\"guard\",\"enabled\":\"[parameters('guard')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"guard\":{\"value\":\"[parameters('guard')]\"},\"AllMetrics\":{\"value\":\"[parameters('AllMetrics')]\"},\"kube-apiserver\":{\"value\":\"[parameters('kube-apiserver')]\"},\"kube-audit\":{\"value\":\"[parameters('kube-audit')]\"},\"kube-scheduler\":{\"value\":\"[parameters('kube-scheduler')]\"},\"kube-controller-manager\":{\"value\":\"[parameters('kube-controller-manager')]\"},\"cluster-autoscaler\":{\"value\":\"[parameters('cluster-autoscaler')]\"},\"kube-audit-admin\":{\"value\":\"[parameters('kube-audit-admin')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6c66c325-74c8-42fd-a286-a74b0e2939d8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -23332,7 +31361,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dab4254-c30d-4bb7-ae99-1d21586c063c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1651 - Mobile Code\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Enable + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6db63528-c9ba-491c-8a80-83e1e6977a50\"},{\"properties\":{\"displayName\":\"Configure + Azure Automation accounts with private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. You + need private DNS zone properly configured to connect to Azure Automation account + via Azure Private Link. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint group id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"automationAccounts-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6dd01e4f-1be1-4e80-9d0b-d109e04cb064\"},{\"properties\":{\"displayName\":\"Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace.\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Allow Security Center to auto provision the Log Analytics agent on your subscriptions @@ -23356,20 +31394,58 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"},{\"properties\":{\"displayName\":\"Storage account should use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private links enforce secure communication, by providing private connectivity to the - storage account\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft + storage account\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6edd7eda-6dd8-40f7-810d-67160c639cd9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6edd7eda-6dd8-40f7-810d-67160c639cd9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1460 - Access Control For Output Devices\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1320 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Storage - account should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure - your storage account with greater flexibility using customer-managed keys - (CMKs). When you specify a CMK, that key is used to protect and control access - to the key that encrypts your data. Using CMKs provides additional capabilities - to control rotation of the key encryption key or cryptographically erase data.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f54c732-71d4-4f93-a696-4e373eca3a77\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for storage accounts to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for storage accounts to stream resource logs to a + Log Analytics workspace when any storage account which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"category\":\"Storage\",\"version\":\"1.1.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"storageAccountsDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the storage account should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"StorageDelete\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageDelete + - Enabled\",\"description\":\"Whether to stream StorageDelete logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageWrite\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageWrite + - Enabled\",\"description\":\"Whether to stream StorageWrite logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"StorageRead\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"StorageRead + - Enabled\",\"description\":\"Whether to stream StorageRead logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Transaction\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Transaction + - Enabled\",\"description\":\"Whether to stream Transaction logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Transaction\":{\"type\":\"string\"},\"StorageRead\":{\"type\":\"string\"},\"StorageWrite\":{\"type\":\"string\"},\"StorageDelete\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.storage/storageAccounts/blobServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/fileServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/tableServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/queueServices/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/default/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"StorageRead\",\"enabled\":\"[parameters('StorageRead')]\"},{\"category\":\"StorageWrite\",\"enabled\":\"[parameters('StorageWrite')]\"},{\"category\":\"StorageDelete\",\"enabled\":\"[parameters('StorageDelete')]\"}]}},{\"type\":\"Microsoft.storage/storageAccounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Transaction\",\"enabled\":\"[parameters('Transaction')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"Transaction\":{\"value\":\"[parameters('Transaction')]\"},\"StorageDelete\":{\"value\":\"[parameters('StorageDelete')]\"},\"StorageWrite\":{\"value\":\"[parameters('StorageWrite')]\"},\"StorageRead\":{\"value\":\"[parameters('StorageRead')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6f8f98a4-f108-47cb-8e98-91a0d85cd474\"},{\"properties\":{\"displayName\":\"Storage + accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + your storage account with greater flexibility using customer-managed keys. + When you specify a customer-managed key, that key is used to protect and control + access to the key that encrypts your data. Using customer-managed keys provides + additional capabilities to control rotation of the key encryption key or cryptographically + erase data.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fac406b-40ca-413b-bf8e-0bf964659c25\"},{\"properties\":{\"displayName\":\"Workbooks + should be saved to storage accounts that you control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + bring your own storage (BYOS), your workbooks are uploaded into a storage + account that you control. That means you control the encryption-at-rest policy, + the lifetime management policy, and network access. You will, however, be + responsible for the costs associated with that storage account. For more information, + visit https://aka.ms/workbooksByos\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Audit, + Deny, or Disable the execution of this policy\"},\"allowedValues\":[\"deny\",\"audit\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"microsoft.insights/workbooks\"},{\"field\":\"microsoft.insights/workbooks/storageUri\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fc8115b-2008-441f-8c61-9b722c1e537f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fc8115b-2008-441f-8c61-9b722c1e537f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your resources, they'll be protected against data leakage risks. Learn + more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/topics\"},{\"field\":\"kind\",\"notEquals\":\"AzureArc\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventGrid/topics/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventGrid/topics/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"topic\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fcec95c-fbdf-45e8-91e1-e3175d9c9eca\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -23386,14 +31462,22 @@ interactions: or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"[Deprecated]: + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7008174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"OS + and data disks should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of the contents of + your managed disks. By default, the data is encrypted at rest with platform-managed + keys, but customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"value\":\"[length(field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"exists\":\"true\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]'))]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"anyOf\":[{\"count\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*]\",\"where\":{\"value\":\"[length(current('Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId'))]\",\"notEquals\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"exists\":\"true\"}}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"exists\":\"False\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"exists\":\"true\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"702dd420-7fcc-42c5-afe8-4026edd20fe0\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. @@ -23584,13 +31668,13 @@ interactions: or to include additional functionality. Using the latest Python version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this - policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7238174a-fd10-4ef0-817e-fc820a951d73\"},{\"properties\":{\"displayName\":\"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Periodically, newer versions are released for PHP software either due to security flaws @@ -23601,7 +31685,15 @@ interactions: Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"PHPLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest PHP version\",\"description\":\"Latest supported PHP version for App Services\"},\"defaultValue\":\"7.3\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PHP\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PHP|', - parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('PHPLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7261b898-8a84-4db8-9e04-18527132abb3\"},{\"properties\":{\"displayName\":\"[Preview]: + Windows machines should meet requirements of the Azure Security Center baseline\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires + that prerequisites are deployed to the policy assignment scope. For details, + visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not + configured correctly for one of the recommendations in the Azure Security + Center baseline.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureWindowsBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Include Arc connected servers\",\"description\":\"By selecting this option, + you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureWindowsBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -23628,7 +31720,7 @@ interactions: parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"726aca4c-86e9-4b04-b0c5-073027359532\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure Synapse workspaces should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoints can be configured to connect privately to an Azure Synapse workspace. - This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + This is used to enforce a secure communication channel to Azure Synapse workspace.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},{\"count\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Synapse/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/72d11df1-dd8a-41f7-8925-b05b960ebafc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"72d11df1-dd8a-41f7-8925-b05b960ebafc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1524 - Personnel Transfer\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -23639,7 +31731,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"731856d8-1598-4b75-92de-7d46235747c0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"},{\"properties\":{\"displayName\":\"Configure + App Configuration to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for App Configuration so that it isn't accessible over + the public internet. This configuration helps protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greater(requestContext().apiVersion, + '2019-10-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.AppConfiguration/configurationStores/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73290fa2-dfa7-4bbb-945d-a5e23b75df2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73290fa2-dfa7-4bbb-945d-a5e23b75df2c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1456 - Physical Access Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"},{\"properties\":{\"displayName\":\"Deploy @@ -23648,7 +31748,7 @@ interactions: workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation - task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation + task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow automation is created. If you enter a name for a resource group that doesn't @@ -23658,8 +31758,7 @@ interactions: IDs\",\"description\":\"For all recommendations, leave empty. For specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/en-us/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"recommendationStates\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation states\",\"description\":\"Determines recommendation states. Recommendations @@ -23668,13 +31767,14 @@ interactions: detects it as healthy. A recommendation is not-applicable if, for example, it was disabled in the Security Policy. Example: Healthy;Unhealthy;Not Applicable;\"},\"allowedValues\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"],\"defaultValue\":[\"Healthy\",\"Unhealthy\",\"Not Applicable\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Recommendation is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Recommendation is - created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + created or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(if(equals(length(parameters('recommendationNames')),0),array('Microsoft.Security/assessments'),parameters('recommendationNames')),parameters('recommendationSeverities'),if(contains(parameters('recommendationStates'),'Not + Applicable'),union(parameters('recommendationStates'), array('notapplicable')),parameters('recommendationStates')))]\"},{\"count\":{\"value\":\"[parameters('recommendationSeverities')]\",\"name\":\"recommendationSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.metadata.severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationSeverity')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationSeverities'))]\"},{\"count\":{\"value\":\"[parameters('recommendationStates')]\",\"name\":\"recommendationState\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"properties.status.code\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[replace(current('recommendationState'), + ' ','')]\"}]}},\"equals\":\"[mul(max(1,length(parameters('recommendationNames'))),length(parameters('recommendationSeverities')))]\"}},\"equals\":\"[length(parameters('recommendationStates'))]\"},{\"count\":{\"value\":\"[parameters('recommendationNames')]\",\"name\":\"recommendationName\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"name\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('recommendationName')]\"}]}},\"equals\":\"[mul(length(parameters('recommendationSeverities')),length(parameters('recommendationStates')))]\"}},\"equals\":\"[length(parameters('recommendationNames'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"recommendationStates\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"recommendationStatesLength\":\"[length(parameters('recommendationStates'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"recommendationStatesLengthIfEmpty\":\"[if(equals(variables('recommendationStatesLength'), @@ -23691,15 +31791,25 @@ interactions: variables('totalRuleCombinationsForOneRecommendationName')), variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationSeverity')), variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"},{\"propertyJPath\":\"properties.status.code\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('stateMap')[parameters('recommendationStates')[mod(div(copyIndex('ruleSets'), variables('totalRuleCombinationsForOneRecommendationState')), variables('recommendationStatesLength'))]]]\",\"operator\":\"Contains\"}]}}]}],\"actions\":[{\"actionType\":\"LogicApp\",\"logicAppResourceId\":\"[parameters('logicAppResourceId')]\",\"uri\":\"[listCallbackUrl(concat(parameters('logicAppResourceId'), - '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"Microsoft + '/triggers/', variables('triggerMap')[parameters('logicAppTrigger')]),'2016-06-01').value]\"}]}}]}}}]},\"parameters\":{\"automationName\":{\"value\":\"[parameters('automationName')]\"},\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"recommendationStates\":{\"value\":\"[parameters('recommendationStates')]\"},\"logicAppResourceId\":{\"value\":\"[parameters('logicAppResourceId')]\"},\"logicAppTrigger\":{\"value\":\"[parameters('logicAppTrigger')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73d6ab6c-2475-4850-afd6-43795f3492ef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73d6ab6c-2475-4850-afd6-43795f3492ef\"},{\"properties\":{\"displayName\":\"API + Management service should use a SKU that supports virtual networks\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of API Management, deploying service into a virtual network + unlocks advanced API Management networking and security features which provides + you greater control over your network security configuration. Learn more at: + https://aka.ms/apimvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + list of SKUs that can be specified for Azure API Management service.\",\"displayName\":\"Allowed + SKUs\"},\"allowedValues\":[\"Developer\",\"Basic\",\"Standard\",\"Premium\",\"Isolated\",\"Consumption\"],\"defaultValue\":[\"Developer\",\"Premium\",\"Isolated\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ApiManagement/service\"},{\"not\":{\"field\":\"Microsoft.ApiManagement/service/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"73ef9241-5d81-4cd4-b483-8443d1730fe5\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1581 - Information System Documentation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"},{\"properties\":{\"displayName\":\"Allowed storage account SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of storage account SKUs that your organization - can deploy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The + can deploy.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the audit policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"},\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of SKUs that can be specified for storage accounts.\",\"displayName\":\"Allowed - SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft + SKUs\",\"strongType\":\"StorageSKUs\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"not\":{\"field\":\"Microsoft.Storage/storageAccounts/sku.name\",\"in\":\"[parameters('listOfAllowedSKUs')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7433c107-6db4-4ad1-b57a-a76dce0154a1\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"},{\"properties\":{\"displayName\":\"Ensure @@ -23708,14 +31818,19 @@ interactions: or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only - applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App + applies to Linux web apps.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"WindowsPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Latest Windows Python version\",\"description\":\"Latest supported Python version for App Services\",\"deprecated\":true},\"defaultValue\":\"3.6\"},\"LinuxPythonLatestVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Linux Latest Python version\",\"description\":\"Latest supported Python version - for App Services\"},\"defaultValue\":\"3.8\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', - parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Microsoft + for App Services\"},\"defaultValue\":\"3.9\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"notContains\":\"PYTHON\"},{\"field\":\"Microsoft.Web/sites/config/web.linuxFxVersion\",\"equals\":\"[concat('PYTHON|', + parameters('LinuxPythonLatestVersion'))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c3584d-afae-46f7-a20a-6f8adba71a16\"},{\"properties\":{\"displayName\":\"Public + network access should be disabled for Batch accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access on a Batch account improves security by ensuring your + Batch account can only be accessed from a private endpoint. Learn more about + disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"74c5a0ae-5e48-4738-b093-65e23a060488\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -23731,7 +31846,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75603f96-80a1-4757-991d-5a1221765ddd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Private + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7582b19c-9dba-438e-aed8-ede59ac35ba3\"},{\"properties\":{\"displayName\":\"Configure + Azure Migrate resources to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Migrate + project. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Migrate\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"Default\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/assessmentProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.Migrate/migrateProjects\"},{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\"contains\":\"Microsoft.OffAzure/masterSites\"}]}]}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"default-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7590a335-57cf-4c95-babd-ecbc8fafeb1f\"},{\"properties\":{\"displayName\":\"Private endpoint should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MySQL. Configure a private endpoint connection to enable @@ -23740,12 +31863,12 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMySQL/servers/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7595c971-233d-4bcf-bd18-596129188c49\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"Vulnerabilities - should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without - a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy + a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\"metadata\":{\"version\":\"3.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"71992a2a-d168-42e0-b10e-6b45fa2ecddb\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"760a85ff-6162-42b3-8d70-698e268f648c\"},{\"properties\":{\"displayName\":\"Deploy Dependency agent for Linux virtual machine scale sets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale @@ -23758,7 +31881,8 @@ interactions: extension for: ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"},{\"properties\":{\"displayName\":\"Private endpoint connections on Azure SQL Database should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private endpoint connections enforce secure communication by enabling private connectivity - to Azure SQL Database.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft + to Azure SQL Database.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7698e800-9299-47a6-b3b6-5a0fee576eed\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -23780,7 +31904,12 @@ interactions: policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"Virtual + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/logProfiles\",\"existenceCondition\":{\"field\":\"Microsoft.Insights/logProfiles/categories\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7796937f-307b-4598-941c-67d3a05ebfe7\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory should use a Git repository for source control\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enable + source control on data factories, to gain capabilities such as change tracking, + collaboration, continuous integration, and deployment.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories\"},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"exists\":\"false\"},{\"field\":\"Microsoft.DataFactory/factories/repoConfiguration.repositoryName\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77d40665-3120-4348-b539-3192ec808307\"},{\"properties\":{\"displayName\":\"Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet @@ -23790,7 +31919,13 @@ interactions: Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"AuditIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"equals\":\"[parameters('subnetId')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77e8b146-0078-4fb2-b002-e112381199f0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"77f56280-e367-432a-a3b9-8ca2aa636a26\"},{\"properties\":{\"displayName\":\"Azure + Cache for Redis should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints lets you connect your virtual network to Azure services without + a public IP address at the source or destination. By mapping private endpoints + to your Azure Cache for Redis instances, data leakage risks are reduced. Learn + more at: https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Cache/redis/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Cache/redis/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7803067c-7d34-46e3-8c79-0ca68fc4036d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1258 - Contingency Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7814506c-382c-4d33-a142-249dd4a0dbff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23803,7 +31938,16 @@ interactions: Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + Azure Machine Learning workspace, you can reduce data leakage risks. Learn + more about private links at: https://docs.microsoft.com/azure/machine-learning/how-to-configure-private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"amlworkspace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7838fd83-5cbb-4b5d-888c-bfa240972597\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7838fd83-5cbb-4b5d-888c-bfa240972597\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1010 - Account Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"784663a8-1eb0-418a-a98c-24d19bc1bb62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23816,7 +31960,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1647 - Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"},{\"properties\":{\"displayName\":\"Azure + Cosmos DB should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your CosmosDB account + isn't exposed on the public internet. Creating private endpoints can limit + exposure of your CosmosDB account. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"797b37f7-06b8-444c-b1ad-fc62867f335a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1510 - Position Risk Designation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"79da5b09-0e7e-499e-adda-141b069c7998\"},{\"properties\":{\"displayName\":\"Microsoft @@ -23855,7 +32005,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1289 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a724864-956a-496c-b778-637cb1d762cf\"},{\"properties\":{\"displayName\":\"Configure + private DNS zones for private endpoints connected to App Configuration\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve app configuration + instances. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"configurationStores\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-azconfig-io\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a860e27-9ca2-4fc6-822d-c2d248c300df\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1687 - Information System Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"},{\"properties\":{\"displayName\":\"Allow @@ -23869,16 +32028,22 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ac22808-a2e8-41c4-9d46-429b50738914\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1492 - System Security Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ad5f307-e045-46f7-8214-5bdb7e973737\"},{\"properties\":{\"displayName\":\"Azure + Attestation providers should use private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints provide a way to connect Azure Attestation providers to your Azure + resources without sending traffic over the public internet. By preventing + public access, private endpoints help protect against undesired anonymous + access.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Attestation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Attestation/attestationProviders\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateEndpoint\",\"exists\":\"true\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/provisioningState\",\"equals\":\"Succeeded\"},{\"field\":\"Microsoft.Attestation/attestationProviders/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b256a2d-058b-41f8-bed9-3f870541c40a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b256a2d-058b-41f8-bed9-3f870541c40a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7b694eed-7081-43c6-867c-41c76c961043\"},{\"properties\":{\"displayName\":\"Resource logs in Virtual Machine Scale Sets should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It is recommended to enable Logs so that activity trail can be recreated when - investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + investigations are required in the event of an incident or a compromise.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"includeAKSClusters\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include - AKS Clusters\",\"description\":\"Whether to include AKS Clusters to Diagnostic + AKS Clusters\",\"description\":\"Whether to include AKS Clusters to resource logs extension - True or False\"},\"defaultValue\":false}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":true}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"value\":\"[parameters('includeAKSClusters')]\",\"equals\":false},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notEquals\":\"microsoft-aks\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notEquals\":\"aks\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"aks*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"IaaSDiagnostics\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Diagnostics\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\"equals\":\"LinuxDiagnostic\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"in\":[\"Microsoft.OSTCExtensions\",\"Microsoft.Azure.Diagnostics\"]}]}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7c1b1214-f927-48bf-8882-84f0af6588b1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Require blob encryption for storage accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures blob encryption for storage accounts is turned on. It only @@ -23895,9 +32060,12 @@ interactions: implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"},{\"properties\":{\"displayName\":\"Azure Cache for Redis should reside within a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure - Cache for Redis has the ability to reside within a virtual network, which - is a way for the resource to have a non-public endpoint controlled and managed - by the user.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + Virtual Network deployment provides enhanced security and isolation for your + Azure Cache for Redis, as well as subnets, access control policies, and other + features to further restrict access.When an Azure Cache for Redis instance + is configured with a virtual network, it is not publicly addressable and can + only be accessed from virtual machines and applications within the virtual + network.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Cache\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Cache/redis\"},{\"field\":\"Microsoft.Cache/Redis/subnetId\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d092e0a-7acd-40d2-a975-dca21cae48c4\"},{\"properties\":{\"displayName\":\"Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Encrypting @@ -23906,7 +32074,15 @@ interactions: and industry compliance standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. - 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Microsoft + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"exists\":\"False\"},{\"field\":\"Microsoft.ContainerService/managedClusters/diskEncryptionSetID\",\"equals\":\"\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d7be79c-23ba-4033-84dd-45e2a5ccdd67\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Service + Bus namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},{\"field\":\"Microsoft.ServiceBus/namespaces/sku.tier\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ServiceBus/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7d890f7f-100c-473d-baa1-2777e2266535\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7d890f7f-100c-473d-baa1-2777e2266535\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -23933,7 +32109,18 @@ interactions: auditing Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure SQL Database server to Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure SQL Database server to stream resource logs + to a Log Analytics workspace when any SQL Server which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"logAnalyticsWorkspaceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the server should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"logAnalyticsWorkspaceId\":{\"type\":\"string\"}},\"variables\":{\"diagnosticSettingsName\":\"SQLSecurityAuditEvents_3d229c42-c7e7-4c97-9a99-ec0d0d8b86c1\"},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"name\":\"[concat(parameters('serverName'),'/master/microsoft.insights/',variables('diagnosticSettingsName'))]\",\"apiVersion\":\"2017-05-01-preview\",\"properties\":{\"name\":\"[variables('diagnosticSettingsName')]\",\"workspaceId\":\"[parameters('logAnalyticsWorkspaceId')]\",\"logs\":[{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":true,\"retentionPolicy\":{\"days\":0,\"enabled\":false}}]}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"dependsOn\":[\"[concat('Microsoft.Sql/servers/', + parameters('serverName'),'/databases/master/providers/microsoft.insights/diagnosticSettings/', + variables('diagnosticSettingsName'))]\"],\"properties\":{\"state\":\"Enabled\",\"isAzureMonitorTargetEnabled\":true}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"logAnalyticsWorkspaceId\":{\"value\":\"[parameters('logAnalyticsWorkspaceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/7ea8a143-05e3-4553-abfe-f56bef8b0b70\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"7ea8a143-05e3-4553-abfe-f56bef8b0b70\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -24279,28 +32466,27 @@ interactions: subscription().subscriptionId, '/resourceGroups/', parameters('vmRgName'), '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]\"}}],\"outputs\":{\"status\":{\"type\":\"string\",\"value\":\"[concat('Backup enabled successfully for VM:', ' ', parameters('vmName'), 'Backup Vault: ', - variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Diagnostic + variables('vaultName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmRgName\":{\"value\":\"[resourceGroup().name]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83644c87-93dd-49fe-bf9f-6aff8fd0834e\"},{\"properties\":{\"displayName\":\"Resource logs in Event Hub should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Event + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Event Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a214f7-d01a-484b-91a9-ed54470c9a6a\"},{\"properties\":{\"displayName\":\"Network interfaces should not have public IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"parameters\":{},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\"notLike\":\"*\"}}]},\"then\":{\"effect\":\"deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83a86a26-fd1f-447c-b59d-e51f44264114\"},{\"properties\":{\"displayName\":\"Bring - your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Using - customer-managed keys for encrypting data at rest in your Azure Database for - MySQL database servers enables implementing a separation of duties in the - management of keys and data. When you configure a customer-managed key, the - key is used to protect and control access to the key that encrypts your data. - You have full control and responsibility for the key lifecycle, including - rotation and management. The use of customer-managed keys is sometimes required - for compliance purposes.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + your own key data protection should be enabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your MySQL servers. + By default, the data is encrypted at rest with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMySQL/servers/keys\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/keys/serverKeyType\",\"equals\":\"AzureKeyVault\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"notEquals\":\"\"},{\"field\":\"Microsoft.DBforMySQL/servers/keys/uri\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"83cef61d-dbd1-4b20-a4fc-5fbc7da10833\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1382 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -24460,7 +32646,21 @@ interactions: Managed Control 1348 - Identification And Authentication (Non-Org. Users) | Acceptance Of Third-Party Credentials\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your IoT Hub device provisioning instance so that + it's not accessible over the public internet. This can reduce data leakage + risks. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-03-01')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/859dfc91-ea35-43a6-8256-31271c363794\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"859dfc91-ea35-43a6-8256-31271c363794\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory integration runtime should have a limit for number of cores\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"To + manage your resources and costs, limit the number of cores for an integration + runtime.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"maxCores\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"[Preview]: + Allowed max number of cores\",\"description\":\"The max number of cores allowed + for dataflow.\"},\"defaultValue\":32}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/integrationRuntimes\"},{\"field\":\"Microsoft.DataFactory/factories/integrationruntimes/type\",\"equals\":\"Managed\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/integrationRuntimes/Managed.typeProperties.computeProperties.dataFlowProperties.coreCount\",\"greater\":\"[parameters('maxCores')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/85bb39b5-2f66-49f8-9306-77da3ac5130f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"85bb39b5-2f66-49f8-9306-77da3ac5130f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -24468,11 +32668,11 @@ interactions: Managed Control 1326 - Authenticator Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"},{\"properties\":{\"displayName\":\"Azure - Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit - or deny resources that do not have any IP rules configured and allow all networks - by default. Accounts that have at least one IP rule defined with the virtual - network filter enabled are deemed compliant. Accounts disabling public access - are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + Cosmos DB accounts should have firewall rules\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Firewall + rules should be defined on your Azure Cosmos DB accounts to prevent traffic + from unauthorized sources. Accounts that have at least one IP rule defined + with the virtual network filter enabled are deemed compliant. Accounts disabling + public access are also deemed compliant.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Cosmos DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Policy Effect\",\"description\":\"The desired effect of the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"equals\":\"Enabled\"}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\"equals\":\"false\"},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules\",\"exists\":\"false\"},{\"count\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRules[*]\"},\"equals\":0}]},{\"anyOf\":[{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"exists\":\"false\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\"equals\":\"\"}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options @@ -24496,9 +32696,9 @@ interactions: '/current')]\",\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\",\"apiVersion\":\"2014-04-01\",\"properties\":{\"status\":\"Enabled\"}}]},\"parameters\":{\"fullDbName\":{\"value\":\"[field('fullName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\"},{\"properties\":{\"displayName\":\"System updates should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Missing security system updates on your servers will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c0f5316d-5ac5-9218-b77a-b96e16ccfd66\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"4ab6e3c5-74dd-8b35-9ab9-f61b30875b27\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86b3d65f-7626-441e-b690-81a8b71cff60\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -24636,12 +32836,29 @@ interactions: Managed Control 1215 - Least Functionality\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"},{\"properties\":{\"displayName\":\"SQL - servers should be configured with 90 days auditing retention or higher.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL - servers should be configured with 90 days auditing retention or higher.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + servers should be configured with 90 days auditing retention or higher\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"SQL + servers should be configured with 90 days auditing retention or higher.\",\"metadata\":{\"version\":\"2.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"equals\":0},{\"field\":\"Microsoft.Sql/servers/auditingSettings/retentionDays\",\"greaterOrEquals\":90}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89099bee-89e0-4b26-a5f4-165451757743\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"},{\"properties\":{\"displayName\":\"Modify + - Configure Azure Event Grid domains to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for Azure Event Grid resource so that it isn't accessible + over the public internet. This will help protect them against data leakage + risks. You can limit exposure of the your resources by creating private endpoints + instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"category\":\"Event + Grid\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2020-04-01-preview')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"898e9824-104c-4965-8e0e-5197588fa5d4\"},{\"properties\":{\"displayName\":\"App + Configuration should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"When + using a supported SKU, Azure Private Link lets you connect your virtual network + to Azure services without a public IP address at the source or destination. + The private link platform handles the connectivity between the consumer and + services over the Azure backbone network. By mapping private endpoints to + your app configuration instances instead of the entire service, you'll also + be protected against data leakage risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},{\"field\":\"Microsoft.AppConfiguration/configurationStores/sku.name\",\"equals\":\"Free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/89c8a434-18f0-402c-8147-630a8dea54e0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"89c8a434-18f0-402c-8147-630a8dea54e0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a29d47b-8604-4667-84ef-90d203fcb305\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -24652,7 +32869,13 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsSystemsettings\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8a39d1f1-5513-4628-b261-f469a5a3341b\"},{\"properties\":{\"displayName\":\"Azure + Container Instance container group should deploy into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Secure + communication between your containers with Azure Virtual Networks. When you + specify a virtual network, resources within the virtual network can securely + and privately communicate with each other.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Instance\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerInstance/containerGroups\"},{\"field\":\"Microsoft.ContainerInstance/containerGroups/networkProfile.id\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8af8f826-edcb-4178-b35f-851ea6fea615\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs with a pending reboot\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -24764,7 +32987,15 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom - workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Microsoft + workspace.\",\"strongType\":\"omsWorkspace\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"deploymentScope\":\"Subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/autoProvisioningSettings/autoProvision\",\"equals\":\"On\"},\"deployment\":{\"location\":\"westus\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"logAnalytics\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/autoProvisioningSettings\",\"name\":\"default\",\"apiVersion\":\"2017-08-01-preview\",\"properties\":{\"autoProvision\":\"On\"}},{\"type\":\"Microsoft.Security/workspaceSettings\",\"apiVersion\":\"2017-08-01-preview\",\"name\":\"default\",\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"scope\":\"[subscription().id]\"}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e7da0a5-0a0e-4bbc-bfc0-7773c018b616\"},{\"properties\":{\"displayName\":\"Configure + Azure SQL Server to enable private endpoint connections\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint connection enables private connectivity to your Azure SQL + Database via a private IP address inside a virtual network. This configuration + improves your security posture and supports Azure networking tools and scenarios.\",\"metadata\":{\"category\":\"SQL\",\"version\":\"1.0.0\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Subnet + to use for Private Endpoints\",\"description\":\"The name of the subnet within + the virtual network that you would like to use for your Private Endpoint Connection + deployment\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"count\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Sql/servers/privateEndpointConnections[*].id\",\"exists\":\"false\"}},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/privateEndpointConnections\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"subnetlocation\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"name\":\"[variables('privateEndpointName')]\",\"location\":\"[parameters('subnetlocation')]\",\"properties\":{\"privateLinkServiceConnections\":[{\"name\":\"[parameters('name')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"sqlServer\"],\"privateLinkServiceConnectionState\":{\"status\":\"Approved\",\"description\":\"Auto-approved\",\"actionsRequired\":\"None\"}}}],\"manualPrivateLinkServiceConnections\":[],\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"customDnsConfigs\":[]}}]},\"parameters\":{\"name\":{\"value\":\"[parameters('name')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"subnetlocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e8ca470-d980-4831-99e6-dc70d9f6af87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e8ca470-d980-4831-99e6-dc70d9f6af87\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1517 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8f5ad423-50d6-4617-b058-69908f5586c9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -24987,21 +33218,37 @@ interactions: Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"90f01329-a100-43c2-af31-098996135d2b\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to Event + Hub namespaces, you can reduce data leakage risks. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"Specifies the subnet to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"namespace\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91678b7c-d721-4fc5-b179-3cdf74e96b1c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91678b7c-d721-4fc5-b179-3cdf74e96b1c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Components'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_WindowsComponents\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9178b430-2295-406e-bb28-f6a7a2a2f897\"},{\"properties\":{\"displayName\":\"Resource + logs in App Services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit + enabling of resource logs on the app. This enables you to recreate activity + trails for investigation purposes if a security incident occurs or your network + is compromised.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91a78b24-f231-4a8a-8da9-02c35b2b6510\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91c97b44-791e-46e9-bad7-ab7c4949edbb\"},{\"properties\":{\"displayName\":\"Deploy + Dependency agent to Windows Azure Arc machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy deploys the Dependency agent to Windows Azure Arc machines if the agent - isn't installed.\",\"metadata\":{\"version\":\"1.1.0-preview\",\"category\":\"Monitoring\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\",\"resources\":[{\"type\":\"extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[variables('DaExtensionName')]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[\"[concat('Microsoft.HybridCompute/machines/', - parameters('vmName'))]\"],\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}]}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + isn't installed.\",\"metadata\":{\"version\":\"1.2.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.HybridCompute/machines/extensions/type\",\"equals\":\"DependencyAgentWindows\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"},{\"field\":\"Microsoft.HybridCompute/machines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"DaExtensionName\":\"DependencyAgentWindows\",\"DaExtensionType\":\"DependencyAgentWindows\"},\"resources\":[{\"type\":\"Microsoft.HybridCompute/machines/extensions\",\"apiVersion\":\"2020-03-11-preview\",\"name\":\"[concat(parameters('vmName'), + '/', variables('DaExtensionName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitoring.DependencyAgent\",\"type\":\"[variables('DaExtensionType')]\",\"autoUpgradeMinorVersion\":true,\"settings\":{}}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -25009,9 +33256,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"},{\"properties\":{\"displayName\":\"MFA should be enabled accounts with write permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + write privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"57e98606-6b1e-6193-0e3d-fe621387c16b\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9297c21d-2ed6-4474-b48f-163f75654ce3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1290 - Information System Backup\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -25089,10 +33336,29 @@ interactions: Configuration\",\"version\":\"2.0.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"94d9aca8-3757-46df-aa51-f218c5f11954\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault to stream resource logs to a Log + Analytics workspace when any Key Vault which is missing this diagnostic settings + is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"AzureKeyVaultDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + the Key Vault should be connected to.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"AuditEventEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AuditEvent + - Enabled\",\"description\":\"Whether to stream AuditEvent logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AllMetricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AllMetrics + - Enabled\",\"description\":\"Whether to stream AllMetrics logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"anyof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"equals\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"AuditEventEnabled\":{\"type\":\"string\"},\"AllMetricsEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('AllMetricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('AuditEventEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"AuditEventEnabled\":{\"value\":\"[parameters('AllMetricsEnabled')]\"},\"AllMetricsEnabled\":{\"value\":\"[parameters('AuditEventEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/951af2fa-529b-416e-ab6e-066fd85ac459\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"951af2fa-529b-416e-ab6e-066fd85ac459\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1526 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Authentication + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"953e6261-a05a-44fd-8246-000e1a3edbb9\"},{\"properties\":{\"displayName\":\"Automation + accounts should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your Automation + account resources by creating private endpoints instead. Learn more at: https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},{\"field\":\"Microsoft.Automation/automationAccounts/publicNetworkAccess\",\"notEquals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"955a914f-bf86-4f0e-acd5-e0766b0efcb6\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your web app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they @@ -25159,7 +33425,15 @@ interactions: Name\",\"description\":\"Name of the tag, such as 'environment'\"}},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Tag Value\",\"description\":\"Value of the tag, such as 'production'\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},{\"field\":\"[concat('tags[', parameters('tagName'), ']')]\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"modify\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f\"],\"operations\":[{\"operation\":\"add\",\"field\":\"[concat('tags[', - parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"[Deprecated]: + parameters('tagName'), ']')]\",\"value\":\"[parameters('tagValue')]\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/96d9a89c-0d67-41fc-899d-2b9599f76a24\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"96d9a89c-0d67-41fc-899d-2b9599f76a24\"},{\"properties\":{\"displayName\":\"HPC + Cache accounts should use customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure HPC Cache with customer-managed keys. By default, + customer data is encrypted with service-managed keys, but customer-managed + keys are commonly required to meet regulatory compliance standards. Customer-managed + keys enable the data to be encrypted with an Azure Key Vault key created and + owned by you. You have full control and responsibility for the key lifecycle, + including rotation and management.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StorageCache/caches\"},{\"field\":\"Microsoft.StorageCache/caches/encryptionSettings.keyEncryptionKey.keyUrl\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/970f84d8-71b6-4091-9979-ace7e3fb6dbb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"970f84d8-71b6-4091-9979-ace7e3fb6dbb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - MSS (Legacy)'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -25211,11 +33485,13 @@ interactions: Managed Control 1378 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"97fceb70-6983-42d0-9331-18ad8253184d\"},{\"properties\":{\"displayName\":\"Azure - Event Grid domains should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - Azure Event Grid domains that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections via private links. For more information, - visit https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Event + Event Grid domains should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your Event Grid domain instead + of the entire service, you'll also be protected against data leakage risks. + Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Event Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"count\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.EventGrid/domains/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9830b652-8523-49cc-b1b3-e17dce1127ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9830b652-8523-49cc-b1b3-e17dce1127ca\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation only in United States data centers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows @@ -25299,7 +33575,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99deec7d-5526-472e-b07c-3645a792026a\"},{\"properties\":{\"displayName\":\"Azure + Batch account should use customer-managed keys to encrypt data\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + customer-managed keys to manage the encryption at rest of your Batch account's + data. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/Batch-CMK.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Batch\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Batch/batchAccounts\"},{\"field\":\"Microsoft.Batch/batchAccounts/encryption.keySource\",\"notEquals\":\"Microsoft.KeyVault\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -25346,7 +33630,16 @@ interactions: IaaSAntimalware extension should be deployed on Windows servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"IaaSAntimalware\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Security\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b597639-28e4-48eb-b506-56b05d366257\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning service instances with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to IoT + Hub device provisioning service, you can reduce data leakage risks. Learn + more about private links at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/provisioningServices\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"greaterOrEquals\":1},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotDps\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9b75ea5b-c796-4c99-aaaf-21c204daac43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9b75ea5b-c796-4c99-aaaf-21c204daac43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1236 - Software Usage Restrictions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"},{\"properties\":{\"displayName\":\"Microsoft @@ -25363,7 +33656,12 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c284fc0-268a-4f29-af44-3c126674edb4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1135 - Non-Repudiation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9c308b6b-2429-4b97-86cf-081b8e737b04\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Azure Cognitive Search service so that it is + not accessible over the public internet. This can reduce data leakage risks. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9cee519f-d9c1-4fd9-9f79-24ec3449ed30\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1489 - Location Of Information System Components\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9d0a794f-1444-4c96-9534-e35fc8c39c91\"},{\"properties\":{\"displayName\":\"Ensure @@ -25406,8 +33704,8 @@ interactions: Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your - resources.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application + resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3b20e985-f71f-483b-b078-f30d73936d43\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9daedab3-fb2d-461e-b861-71790eead4f6\"},{\"properties\":{\"displayName\":\"Application definition for Managed Application should use customer provided storage account\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use your own storage account to control the application definition data when this is a regulatory or compliance requirement. You can choose to store your managed @@ -25460,7 +33758,17 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsTimeZone\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f658460-46b7-43af-8565-94fc0662be38\"},{\"properties\":{\"displayName\":\"Configure + Storage account to use a private link connection\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + storage account, you can reduce data leakage risks. Learn more about private + links at - https://aka.ms/azureprivatelinkoverview\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"The subnetId that private endpoint + connections should link to\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"targetSubResource\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + sub-resource\",\"description\":\"Type of sub-resource for the resource selected + above, that your private endpoint will be able to access\"},\"allowedValues\":[\"blob\",\"blob_secondary\",\"table\",\"table_secondary\",\"queue\",\"queue_secondary\",\"file\",\"web\",\"web_secondary\",\"dfs\",\"dfs_secondary\"],\"defaultValue\":\"blob\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"kind\",\"in\":[\"StorageV2\",\"BlobStorage\",\"BlockBlobStorage\",\"FileStorage\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Storage/storageAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"targetSubResource\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":\"[array(parameters('targetSubResource'))]\",\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"targetSubResource\":{\"value\":\"[parameters('targetSubResource')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f766f00-8d11-464e-80e1-4091d7874074\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f766f00-8d11-464e-80e1-4091d7874074\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1354 - Incident Response Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9fd92c17-163a-4511-bb96-bbb476449796\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -25471,7 +33779,15 @@ interactions: auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsLogAnalyticsAgentConnection\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search service should use a SKU that supports private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"With + supported SKUs of Azure Cognitive Search, Azure Private Link lets you connect + your virtual network to Azure services without a public IP address at the + source or destination. The private link platform handles the connectivity + between the consumer and services over the Azure backbone network. By mapping + private endpoints to your Search service, data leakage risks are reduced. + Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or Deny the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/sku.name\",\"equals\":\"free\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a049bf77-880b-470f-ba6d-9f21c530cf83\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1145 - Security Assessments\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a0724970-9c75-4a64-a225-a28002953f28\"},{\"properties\":{\"displayName\":\"Allowed @@ -25504,7 +33820,16 @@ interactions: effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces/authorizationRules\"},{\"field\":\"name\",\"notEquals\":\"RootManageSharedAccessKey\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1817ec0-a368-432a-8057-8371e17ac6ee\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a18adb5b-1db6-4a5b-901a-7d3797d12972\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use a customer-managed key for encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Event Hubs supports the option of encrypting data at rest with either Microsoft-managed + keys (default) or customer-managed keys. Choosing to encrypt data using customer-managed + keys enables you to assign, rotate, disable, and revoke access to the keys + that Event Hub will use to encrypt data in your namespace. Note that Event + Hub only supports encryption with customer-managed keys for namespaces in + dedicated clusters.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"},{\"field\":\"Microsoft.EventHub/namespaces/clusterArmId\",\"exists\":\"true\"},{\"not\":{\"field\":\"Microsoft.EventHub/namespaces/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -25556,7 +33881,15 @@ interactions: initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsDomainMembership\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a29ee95c-0395-4515-9851-cc04ffe82a91\"},{\"properties\":{\"displayName\":\"Resource + logs in Azure Key Vault Managed HSM should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + recreate activity trails for investigation purposes when a security incident + occurs or when your network is compromised, you may want to audit by enabling + resource logs on Managed HSMs. Please follow the instructions here: https://docs.microsoft.com/azure/key-vault/managed-hsm/logging.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2a5b911-5617-447e-a49e-59dbe0e0434b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a2c66299-9017-4d95-8040-8bdbf7901d52\"},{\"properties\":{\"displayName\":\"Microsoft @@ -25576,13 +33909,26 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1238 - User-Installed Software\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Log + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"},{\"properties\":{\"displayName\":\"Configure + Container registries to disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your Container Registry resource so that it's not + accessible over the public internet. This can reduce data leakage risks. Learn + more at https://aka.ms/acr/portal/public-network and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"conflictEffect\":\"audit\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"operations\":[{\"operation\":\"addOrReplace\",\"field\":\"Microsoft.ContainerRegistry/registries/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3701552-92ea-433e-9d17-33b7f1208fc9\"},{\"properties\":{\"displayName\":\"Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Security Center collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"45cfe080-ceb1-a91e-9743-71551ed24e94\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a3a6ea0c-e018-4933-9ef0-5aaa1501449b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a3a6ea0c-e018-4933-9ef0-5aaa1501449b\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Linux Azure Monitor agent to enable Azure Monitor assignments + on Linux virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Linux Azure Monitor agent to Linux virtual machines hosted in Azure that are + supported by Azure Monitor. Azure Monitor agent collects events from the virtual + machine that can be used to provide recommendations. Target virtual machines + must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"12*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"14.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"16.04*LTS\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"18.04*LTS\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"CentOS\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"8\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"9\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"debian-10\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorLinuxAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorLinuxAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorLinuxAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorLinuxAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4034bc6-ae50-406d-bf76-50f4ee5a7811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4034bc6-ae50-406d-bf76-50f4ee5a7811\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a450eba6-2efc-4a00-846a-5804a93c6b77\"},{\"properties\":{\"displayName\":\"Audit @@ -25605,7 +33951,80 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"d1db3318-01ff-16de-29eb-28b344515626\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a4fe33eb-e377-4efb-ab31-0784311bc499\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1617 - Application Partitioning\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Auditing + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to CosmosDB account. + Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Dns Zone Id\",\"description\":\"The private DNS zone to deploy in a new private + DNS zone group and link to the private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + Endpoint Group Id\",\"description\":\"A group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"[parameters('privateEndpointGroupId')]\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"cosmosDB-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a63cc0bd-cda4-4178-b705-37dc439d3e0f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to an Event Hub to be enabled on Azure Key + Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Event Hub when any Azure Key Vault Managed HSM which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy\"},\"eventHubRuleId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Authorization Rule Id\",\"description\":\"The Event Hub authorization + rule Id for Azure Diagnostics. The authorization rule needs to be at Event + Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource + group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization + rule}\",\"strongType\":\"Microsoft.EventHub/Namespaces/AuthorizationRules\",\"assignPermissions\":true}},\"eventHubLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Hub Location\",\"description\":\"The location the Event Hub resides in. Only + Azure Key Vault Managed HSMs in this location will be linked to this Event + Hub.\",\"strongType\":\"location\"},\"defaultValue\":\"\"},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Event + Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Event Hub - + True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"hsmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('hsmName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat('Enabled + diagnostic settings for ', parameters('hsmName'))]\"}}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"hsmName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6d2c800-5230-4a40-bff3-8268b4987d42\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6d2c800-5230-4a40-bff3-8268b4987d42\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using HTTPS secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires HTTPS user and key secrets stored in Key + Vault. For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"httpsUserKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + user name Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS user name.\"},\"defaultValue\":\"\"},\"httpsKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"HTTPS + key Key Vault secret\",\"description\":\"The name of the Key Vault secret + that holds the base64-encoded HTTPS key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"httpsUser\":{\"type\":\"securestring\"},\"httpsKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"configurationProtectedSettings\":{\"httpsUser\":\"[parameters('httpsUser')]\",\"httpsKey\":\"[parameters('httpsKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"httpsUser\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsUserKeyVaultSecretName')]\"}},\"httpsKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('httpsKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a6f560f4-f582-4b67-b123-a37dcd1bf7ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a6f560f4-f582-4b67-b123-a37dcd1bf7ea\"},{\"properties\":{\"displayName\":\"Auditing on SQL server should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable @@ -25626,9 +34045,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"},{\"properties\":{\"displayName\":\"Azure DDoS Protection Standard should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"DDoS protection standard should be enabled for all virtual networks with a subnet - that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + that is part of an application gateway with a public IP.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"microsoft.network/virtualNetworks\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e3de1cc0-f4dd-3b34-e496-8b5381ba2d70\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1570 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a7fcf38d-bb09-4600-be7d-825046eb162a\"},{\"properties\":{\"displayName\":\"Require @@ -25693,8 +34112,11 @@ interactions: implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a96f743d-a195-420d-983a-08aa06bc441e\"},{\"properties\":{\"displayName\":\"SQL Managed Instances should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Managed - Instances should avoid using GRS storage for backups if data residency rules - require data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + Instances should avoid using the default geo-redundant storage for backups, + if data residency rules require data to stay within a specific region. Note: + Azure Policy is not enforced when creating a database using T-SQL. If not + explicitly specified, database with geo-redundant backup storage is created + via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/managedInstances/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9934fd7-29f2-4e6d-ab3d-607ea38e9079\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9934fd7-29f2-4e6d-ab3d-607ea38e9079\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -25717,15 +34139,24 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a9eae324-d327-4539-9293-b48e122465f8\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with owner permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + owner permissions to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"94290b00-4d0c-d7b4-7cea-064a9554e681\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa633080-8b72-40c4-a2d7-d00c03e80bed\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy is a duplicate of the respective Managed Identity policies. Please use /providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332 instead.\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"App Service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Microsoft + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"},{\"properties\":{\"displayName\":\"Configure + IoT Hub device provisioning instances to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to an IoT Hub device + provisioning service instance. Learn more at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotDps\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices-provisioning.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1539 - Security Categorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"aabb155f-e7a5-4896-a767-e918bfae2ee0\"},{\"properties\":{\"displayName\":\"Microsoft @@ -25760,14 +34191,84 @@ interactions: each SQL Managed Instance without advanced data security.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/state\",\"equals\":\"Enabled\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\"},{\"properties\":{\"displayName\":\"Enable Azure Security Center on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Identifies - existing subscriptions that are not monitored by Azure Security Center (ASC).\\r\\nSubscriptions - not monitored by ASC will be registered to the free pricing tier.\\r\\nSubscriptions - already monitored by ASC (free or standard), will be considered compliant.\\r\\nTo + existing subscriptions that are not monitored by Azure Security Center (ASC).\\nSubscriptions + not monitored by ASC will be registered to the free pricing tier.\\nSubscriptions + already monitored by ASC (free or standard), will be considered compliant.\\nTo register newly created subscriptions, open the compliance tab, select the - relevant non-compliant assignment and create a remediation task.\\r\\nRepeat + relevant non-compliant assignment and create a remediation task.\\nRepeat this step when you have one or more new subscriptions you want to monitor with Security Center.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Microsoft + Center\"},\"parameters\":{},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"VirtualMachines\",\"deploymentScope\":\"subscription\",\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"existenceCondition\":{\"anyof\":[{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"standard\"},{\"field\":\"microsoft.security/pricings/pricingTier\",\"equals\":\"free\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Security/pricings\",\"apiVersion\":\"2018-06-01\",\"name\":\"VirtualMachines\",\"properties\":{\"pricingTier\":\"free\"}}],\"outputs\":{}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac076320-ddcf-4066-b451-6154267e8ad2\"},{\"properties\":{\"displayName\":\"Deploy + - Configure disaster recovery on virtual machines by enabling replication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual + machines without disaster recovery configurations are vulnerable to outages + and other disruptions. If the virtual machine does not already have disaster + recovery configured, this would initiate the same by enabling replication + using preset configurations to facilitate business continuity. To learn more + about disaster recovery, visit https://aka.ms/asr-doc.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Compute\"},\"parameters\":{\"sourceRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Source + Region\",\"description\":\"Region in which the virtual machine is originally + deployed\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetRegion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Region\",\"description\":\"Region to be used to deploy the virtual machine + in case of a natural disaster\",\"strongType\":\"location\",\"serviceName\":\"ASR\"}},\"targetResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Resource Group\",\"description\":\"Resource group to be used to create the + virtual machine in the target region\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultResourceGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Vault + Resource Group\",\"description\":\"The resource group containing the recovery + services vault used for disaster recovery configurations\",\"assignPermissions\":true,\"serviceName\":\"ASR\"}},\"vaultId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Services Vault\",\"description\":\"ID of the recovery services vault to be + used for disaster recovery configurations\",\"strongType\":\"Microsoft.RecoveryServices/vaults\",\"serviceName\":\"ASR\"}},\"recoveryNetworkId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Recovery + Virtual Network\",\"description\":\"Existing Recovery Virtual Network ID or + name of the Virtual Network to be created in Target Region\",\"strongType\":\"Microsoft.Network/virtualNetworks\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"targetZone\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Target + Availability Zone\",\"description\":\"Availability zone in the designated + target region to be used by virtual machines during disaster\",\"serviceName\":\"ASR\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"equals\":\"[parameters('sourceRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.vhd.uri\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings\",\"exists\":\"false\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"location\",\"equals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones[*]\",\"notEquals\":\"[parameters('targetZone')]\"}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"true\"},{\"value\":\"[length(parameters('targetZone'))]\",\"greater\":0}]},{\"allOf\":[{\"field\":\"location\",\"notEquals\":\"[parameters('targetRegion')]\"},{\"field\":\"Microsoft.Compute/virtualMachines/zones\",\"exists\":\"false\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Resources/links\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"ASR-Protect-*\"},{\"field\":\"Microsoft.Resources/links/targetId\",\"contains\":\"/replicationProtectedItems/\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"apiVersion\":{\"type\":\"String\"},\"avSetId\":{\"type\":\"String\"},\"dataDiskIds\":{\"type\":\"object\"},\"osDiskId\":{\"type\":\"String\"},\"ppgId\":{\"type\":\"String\"},\"recoveryNetworkId\":{\"type\":\"String\"},\"recoverySubscriptionId\":{\"type\":\"String\"},\"sourceRegion\":{\"type\":\"String\"},\"sourceResourceGroupName\":{\"type\":\"String\"},\"targetRegion\":{\"type\":\"String\"},\"targetResourceGroupName\":{\"type\":\"String\"},\"targetZone\":{\"type\":\"String\"},\"vaultName\":{\"type\":\"String\"},\"vaultResourceGroupName\":{\"type\":\"String\"},\"vmId\":{\"type\":\"String\"},\"vmZones\":{\"type\":\"Object\"}},\"variables\":{\"avSetApiVersion\":\"2019-03-01\",\"deploymentApiVersion\":\"2017-05-10\",\"vmApiVersion\":\"2019-07-01\",\"ppgApiVersion\":\"2019-12-01\",\"portalLinkPrefix\":\"https://portal.azure.com/#@microsoft.onmicrosoft.com/resource\",\"schemaLink\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"defaultAvSet\":\"defaultAvSet-asr\",\"defaultPPG\":\"defaultPPG-asr\",\"eligibilityResultsDefault\":\"default\",\"protectedItemSuffix\":\"-policy\",\"recoveryAvSetPrefix\":\"RecoveryAvSet-\",\"recoveryPPGPrefix\":\"RecoveryPPG-\",\"avSetType\":\"Microsoft.Compute/availabilitySets\",\"deploymentType\":\"Microsoft.Resources/deployments\",\"networkType\":\"Microsoft.Network/virtualNetworks\",\"ppgType\":\"Microsoft.Compute/proximityPlacementGroups\",\"replicationEligibilityResultsType\":\"Microsoft.RecoveryServices/replicationEligibilityResults\",\"storageType\":\"Microsoft.Storage/storageAccounts\",\"vaultType\":\"Microsoft.RecoveryServices/vaults\",\"avSetTemplateName\":\"[concat(variables('recoveryAvSetPrefix'), + last(split(parameters('vmId'), '/')))]\",\"avSetTemplateName64\":\"[if(greater(length(variables('avSetTemplateName')), + 64), substring(variables('avSetTemplateName'), 0, 64), variables('avSetTemplateName'))]\",\"ppgTemplateName\":\"[concat(variables('recoveryPPGPrefix'), + last(split(parameters('vmId'), '/')))]\",\"ppgTemplateName64\":\"[if(greater(length(variables('ppgTemplateName')), + 64), substring(variables('ppgTemplateName'), 0, 64), variables('ppgTemplateName'))]\",\"replicationProtectedIntentTemplateName\":\"[concat('ASR-', + parameters('sourceResourceGroupName'), '-', last(split(parameters('vmId'), + '/')))]\",\"replicationProtectedIntentTemplateName64\":\"[if(greater(length(variables('replicationProtectedIntentTemplateName')), + 64), substring(variables('replicationProtectedIntentTemplateName'), 0, 64), + variables('replicationProtectedIntentTemplateName'))]\",\"vmDataDiskIds\":\"[array(parameters('dataDiskIds').rawValue)]\",\"vmDiskCount\":\"[add(length(variables('vmDataDiskIds')), + int(1))]\",\"diskIds\":\"[concat(array(parameters('osDiskId')), array(parameters('dataDiskIds').rawValue))]\",\"vaultId\":\"[resourceId(parameters('vaultResourceGroupName'), + variables('vaultType'), parameters('vaultName'))]\",\"eligibilityResultsId\":\"[extensionResourceId(parameters('vmId'), + variables('replicationEligibilityResultsType'), variables('eligibilityResultsDefault'))]\",\"protectedIntentName\":\"[concat(parameters('vaultName'), + '/', guid(resourceGroup().id, last(split(parameters('vmId'), '/'))), variables('protectedItemSuffix'))]\",\"recoveryAvSetName\":\"[if(empty(parameters('avSetId')), + variables('defaultAvSet'), concat(last(split(parameters('avSetId'), '/')), + '-asr'))]\",\"recoveryAvSetId\":\"[if(empty(parameters('avSetId')), '', resourceId(parameters('targetResourceGroupName'), + variables('avSetType'), variables('recoveryAvSetName')))]\",\"recoveryAvType\":\"[if(not(empty(parameters('avSetId'))), + 'AvailabilitySet', if(greater(length(parameters('vmZones').rawValue), 0), + 'AvailabilityZone', 'Single'))]\",\"recoveryAvZone\":\"[if(greater(length(parameters('vmZones').rawValue), + 0), parameters('targetZone'), '')]\",\"recoveryPPGName\":\"[if(empty(parameters('ppgId')), + variables('defaultPPG'), concat(last(split(parameters('ppgId'), '/')), '-asr'))]\",\"recoveryPPGId\":\"[if(empty(parameters('ppgId')), + '', resourceId(parameters('targetResourceGroupName'), variables('ppgType'), + variables('recoveryPPGName')))]\",\"targetResourceGroupId\":\"[concat('/subscriptions/', + parameters('recoverySubscriptionId'), '/resourceGroups/', parameters('targetResourceGroupName'))]\"},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('ppgTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('ppgId')))]\",\"type\":\"[variables('ppgType')]\",\"name\":\"[variables('recoveryPPGName')]\",\"apiVersion\":\"[variables('ppgApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"properties\":{\"proximityPlacementGroupType\":\"[if(empty(parameters('ppgId')), + 'Standard', reference(parameters('ppgId'), variables('ppgApiVersion')).proximityPlacementGroupType)]\"}}]},\"parameters\":{}}},{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('avSetTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('targetResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"condition\":\"[not(empty(parameters('avSetId')))]\",\"type\":\"[variables('avSetType')]\",\"sku\":{\"name\":\"[if(empty(parameters('avSetId')), + 'Aligned', reference(parameters('avSetId'), variables('avSetApiVersion'), + 'Full').sku.name)]\"},\"name\":\"[variables('recoveryAvSetName')]\",\"apiVersion\":\"[variables('avSetApiVersion')]\",\"location\":\"[parameters('targetRegion')]\",\"tags\":{},\"properties\":{\"platformUpdateDomainCount\":\"[if(empty(parameters('avSetId')), + '5', reference(parameters('avSetId'), variables('avSetApiVersion')).platformUpdateDomainCount)]\",\"platformFaultDomainCount\":\"[if(empty(parameters('avSetId')), + '2', reference(parameters('avSetId'), variables('avSetApiVersion')).platformFaultDomainCount)]\",\"proximityPlacementGroup\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"id\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\"}}]},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\"]},{\"apiVersion\":\"[variables('deploymentApiVersion')]\",\"name\":\"[variables('replicationProtectedIntentTemplateName64')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('vaultResourceGroupName')]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"[variables('schemaLink')]\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/replicationProtectionIntents\",\"name\":\"[variables('protectedIntentName')]\",\"apiVersion\":\"[parameters('apiVersion')]\",\"properties\":{\"providerSpecificDetails\":{\"instanceType\":\"A2A\",\"fabricObjectId\":\"[parameters('vmId')]\",\"primaryLocation\":\"[parameters('sourceRegion')]\",\"recoveryLocation\":\"[parameters('targetRegion')]\",\"recoverySubscriptionId\":\"[parameters('recoverySubscriptionId')]\",\"recoveryAvailabilityType\":\"[variables('recoveryAvType')]\",\"recoveryAvailabilityZone\":\"[variables('recoveryAvZone')]\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\",\"recoveryAvailabilitySetCustomInput\":\"[if(empty(parameters('avSetId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryAvailabilitySetId\\\"', ':', '\\\"', variables('recoveryAvSetId'), + '\\\"', '}')))]\",\"recoveryProximityPlacementGroupCustomInput\":\"[if(empty(parameters('ppgId')), + json('null'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryProximityPlacementGroupId\\\"', ':', '\\\"', variables('recoveryPPGId'), + '\\\"', '}')))]\",\"recoveryVirtualNetworkCustomInput\":\"[if(contains(parameters('recoveryNetworkId'), + '/'), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"Existing\\\",', + '\\\"recoveryVirtualNetworkId\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')), json(concat('{', '\\\"resourceType\\\"', ':', '\\\"New\\\",', + '\\\"recoveryVirtualNetworkName\\\"', ':', '\\\"', parameters('recoveryNetworkId'), + '\\\"', '}')))]\",\"vmDisks\":[],\"copy\":[{\"name\":\"vmManagedDisks\",\"count\":\"[variables('vmDiskCount')]\",\"input\":{\"diskId\":\"[if(equals(copyIndex('vmManagedDisks'), + int(0)), reference(parameters('vmId'), variables('vmApiVersion')).storageProfile.osDisk.managedDisk.Id, + variables('vmDataDiskIds')[sub(copyIndex('vmManagedDisks'), int(1))])]\",\"recoveryResourceGroupCustomInput\":{\"resourceType\":\"Existing\",\"recoveryResourceGroupId\":\"[variables('targetResourceGroupId')]\"}}}]}}}],\"outputs\":{\"vmName\":{\"value\":\"[last(split(parameters('vmId'), + '/'))]\",\"type\":\"string\"},\"availabilitySetUrl\":{\"value\":\"[if(empty(parameters('avSetId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryAvSetId')))]\",\"type\":\"string\"},\"proximityPlacementGroupUrl\":{\"value\":\"[if(empty(parameters('ppgId')), + '', concat(variables('portalLinkPrefix'), variables('recoveryPPGId')))]\",\"type\":\"string\"},\"replicationEligibilityResults\":{\"value\":\"[reference(variables('eligibilityResultsId'), + parameters('apiVersion'))]\",\"type\":\"Object\"}}},\"parameters\":{}},\"dependsOn\":[\"[variables('ppgTemplateName64')]\",\"[variables('avSetTemplateName64')]\"]}],\"outputs\":{}},\"parameters\":{\"apiVersion\":{\"value\":\"2018-07-10\"},\"avSetId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/availabilitySet.id')]\"},\"dataDiskIds\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\"emptyArray\":[]}},\"osDiskId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"},\"ppgId\":{\"value\":\"[field('Microsoft.Compute/virtualMachines/proximityPlacementGroup.id')]\"},\"recoveryNetworkId\":{\"value\":\"[parameters('recoveryNetworkId')]\"},\"recoverySubscriptionId\":{\"value\":\"[subscription().subscriptionId]\"},\"sourceRegion\":{\"value\":\"[parameters('sourceRegion')]\"},\"sourceResourceGroupName\":{\"value\":\"[resourcegroup().Name]\"},\"targetRegion\":{\"value\":\"[parameters('targetRegion')]\"},\"targetResourceGroupName\":{\"value\":\"[last(split(parameters('targetResourceGroupId'), + '/'))]\"},\"targetZone\":{\"value\":\"[parameters('targetZone')]\"},\"vaultName\":{\"value\":\"[last(split(parameters('vaultId'), + '/'))]\"},\"vaultResourceGroupName\":{\"value\":\"[last(split(parameters('vaultResourceGroupId'), + '/'))]\"},\"vmId\":{\"value\":\"[field('id')]\"},\"vmZones\":{\"value\":{\"rawValue\":\"[field('Microsoft.Compute/virtualMachines/zones')]\",\"emptyArray\":[]}}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac34a73f-9fa5-4067-9247-a3ecae514468\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac34a73f-9fa5-4067-9247-a3ecae514468\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -25777,7 +34278,26 @@ interactions: Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},{\"anyOf\":[{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerService/managedClusters/enableRBAC\",\"equals\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"},{\"properties\":{\"displayName\":\"Configure + Synapse workspaces to have auditing enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure the operations performed against your SQL assets are captured, Synapse + workspaces should have auditing enabled. This is sometimes required for compliance + with regulatory standards.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"Integer\",\"metadata\":{\"description\":\"The + value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention + days (optional, 180 days if unspecified)\"},\"defaultValue\":180},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource + group name for storage accounts\",\"description\":\"Auditing writes database + events to an audit log in your Azure Storage account (a storage account will + be created in each region where a Synapse workspace is created that will be + shared by all Synapse workspaces in that region). Important - for proper operation + of Auditing do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"workspaceName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"int\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[parameters('auditRetentionDays')]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), + 0, 3)]\",\"storageName\":\"[tolower(concat('workspaceaudit', variables('locationCode'), + variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('workspaceAuditingStorageAccount-', + uniqueString(variables('locationCode'), deployment().name))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure Synapse workspaces to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('workspaceName'), + '/Default')]\",\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"workspaceName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee\"},{\"properties\":{\"displayName\":\"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Tags\",\"deprecated\":true},\"parameters\":{},\"policyRule\":{\"if\":{\"not\":{\"field\":\"tags['environment']\",\"in\":[\"production\",\"dev\",\"test\",\"staging\"]}},\"then\":{\"effect\":\"Deny\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"},{\"properties\":{\"displayName\":\"Microsoft @@ -25800,11 +34320,14 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1598 - Developer Configuration Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Virtual - machines should have the Guest Configuration extension\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - machines in Azure that do not have the Guest Configuration extension are Noncompliant. - The extension is required to audit or configure settings inside Azure virtual - machines. For more information about Guest Configuration, see https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"},{\"properties\":{\"displayName\":\"Guest + Configuration extension should be installed on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure configurations of in-guest settings of your machine, install + the Guest Configuration extension. In-guest settings that the extension monitors + include the configuration of the operating system, application configuration + or presence, and environment settings. Once installed, in-guest policies will + be available such as 'Windows Exploit guard should be enabled'. Learn more + at https://aka.ms/gcpol.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\",\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ae89ebca-1c92-4898-ac2c-9f63decb045c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced @@ -25832,9 +34355,9 @@ interactions: against which this policy will be evaluated.\"},\"allowedValues\":[\"Standard\"],\"defaultValue\":[\"Standard\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.AppPlatform/Spring\"},{\"field\":\"Microsoft.AppPlatform/Spring/sku.tier\",\"in\":\"[parameters('evaluatedSkuNames')]\"},{\"field\":\"Microsoft.AppPlatform/Spring/networkProfile.serviceRuntimeSubnetId\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af35e2a4-ef96-44e7-a9ae-853dd97032c4\"},{\"properties\":{\"displayName\":\"Monitor missing Endpoint Protection in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers without an installed Endpoint Protection agent will be monitored by Azure - Security Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Security Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"af6cd1bd-1635-48cb-bde7-5b15693900b9\"},{\"properties\":{\"displayName\":\"[Deprecated]: Monitor unaudited SQL servers in Azure Security Center\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced @@ -25858,13 +34381,27 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b07c9b24-729e-4e85-95fc-f224d2d08a80\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1711 - Security Function Verification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Management + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b083a535-a66a-41ec-ba7f-f9498bf67cde\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should be injected into a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Injecting + Azure HDInsight clusters in a virtual network unlocks advanced HDInsight networking + and security features and provides you with control over your network security + configuration.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"count\":{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*]\",\"where\":{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.id\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/computeProfile.roles[*].virtualNetworkProfile.subnet\",\"exists\":false}]}},\"greater\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0ab5b05-1c98-40f7-bb9e-dc568e41b501\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0ab5b05-1c98-40f7-bb9e-dc568e41b501\"},{\"properties\":{\"displayName\":\"Deploy + - Configure private DNS zones for private endpoints connect to Azure SignalR + Service\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure SignalR + Service resource. Learn more at: https://aka.ms/asrs/privatelink.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SignalR\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"description\":\"Private DNS zone to integrate with private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"defaultValue\":\"privatelink.service.signalr.net\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"signalr\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-service-signalr-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0e86710-7fb7-4a6c-a064-32e9b829509e\"},{\"properties\":{\"displayName\":\"Management ports of virtual machines should be protected with just-in-time network access control\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Possible network Just In Time (JIT) access will be monitored by Azure Security Center - as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"805651bc-6ecd-4c73-9b55-97a19d0582d0\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1571 - Acquisition Process\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b11c985b-f2cd-4bd7-85f4-b52426edf905\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -25880,8 +34417,10 @@ interactions: implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"},{\"properties\":{\"displayName\":\"SQL Database should avoid using GRS backup redundancy\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Databases - should avoid using GRS storage for backups if data residency rules require - data to stay within a specific region.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + should avoid using the default geo-redundant storage for backups, if data + residency rules require data to stay within a specific region. Note: Azure + Policy is not enforced when creating a database using T-SQL. If not explicitly + specified, database with geo-redundant backup storage is created via T-SQL.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},{\"field\":\"Microsoft.Sql/servers/databases/edition\",\"notEquals\":\"DataWarehouse\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"LRS\"},{\"field\":\"Microsoft.Sql/servers/databases/storageAccountType\",\"equals\":\"ZRS\"}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1091 - Security Awareness Training\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Awareness and Training control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -25933,7 +34472,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[SecureWebServer]s1;MinimumTLSVersion\",\"value\":\"[parameters('MinimumTLSVersion')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"},{\"properties\":{\"displayName\":\"Configure + Azure File Sync with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is deployed for the indicated Storage Sync Service resource. + This enables you to address your Storage Sync Service resource from within + the private IP address space of your organization's network, rather than through + the internet-accessible public endpoint. The existence of one or more private + endpoints by themselves does not disable the public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet with private endpoint network policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StorageSync/storageSyncServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"afs\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b35dddd9-daf7-423b-8375-5a5b86806d5a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b35dddd9-daf7-423b-8375-5a5b86806d5a\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -25941,20 +34488,36 @@ interactions: auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3802d79-dd88-4bce-b81d-780218e48280\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings to a Log Analytics workspace to be enabled + on Azure Key Vault Managed HSM\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional + Log Analytics workspace when any Azure Key Vault Managed HSM which is missing + this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Specify the Log Analytics workspace + to send log to. If this workspace is outside of the scope of the assignment + you must manually grant 'Log Analytics Contributor' permissions (or similar) + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"metricsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + metrics\",\"description\":\"Whether to enable metrics stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + logs\",\"description\":\"Whether to enable logs stream to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.KeyVault/managedHsms/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3884c81-31aa-473d-a9bb-9466fe0ec2a0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3884c81-31aa-473d-a9bb-9466fe0ec2a0\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b3d8d15b-627a-4219-8c96-4d16f788888b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1380 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4319b7e-ea8d-42ff-8a67-ccd462972827\"},{\"properties\":{\"displayName\":\"Resource logs in Search services should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1172 - Internal System Connections\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b43e946e-a4c8-4b92-8201-4a39331db43c\"},{\"properties\":{\"displayName\":\"Microsoft @@ -25991,22 +34554,32 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsShutdown\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: - Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"A - security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter + Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4a4d1eb-0263-441b-84cb-a44073d8372d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4a4d1eb-0263-441b-84cb-a44073d8372d\"},{\"properties\":{\"displayName\":\"Azure + Stack Edge devices should use double-encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + secure the data at rest on the device, ensure it's double-encrypted, the access + to data is controlled, and once the device is deactivated, the data is securely + erased off the data disks. Double encryption is the use of two layers of encryption: + BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption + of the hard drives. Learn more in the security overview documentation for + the specific Stack Edge device.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + Stack Edge\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + desired effect of the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBoxEdge/DataBoxEdgeDevices\"},{\"field\":\"Microsoft.DataboxEdge/DataBoxEdgeDevices/sku.name\",\"notIn\":[\"TEA_1Node\",\"TEA_1Node_UPS\",\"TEA_1Node_Heater\",\"TEA_1Node_UPS_Heater\",\"TEA_4Node_Heater\",\"TEA_4Node_UPS_Heater\",\"TMA\",\"EdgePR_Base\",\"EdgePR_Base_UPS\",\"EdgeMR_Mini\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4ac1030-89c5-4697-8e00-28b5ba6a8811\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4ac1030-89c5-4697-8e00-28b5ba6a8811\"},{\"properties\":{\"displayName\":\"[Deprecated]: + A security contact phone number should be provided for your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enter a phone number to receive notifications when Azure Security Center detects - compromised resources\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security - Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft + compromised resources - This policy is deprecated because phone numbers are + no longer used in any scenario by Azure Security Center\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Security + Center\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/securityContacts\",\"existenceCondition\":{\"field\":\"Microsoft.Security/securityContacts/phone\",\"notEquals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4d66858-c922-44e3-9566-5cdb7a7be744\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for PostgreSQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for PostgreSQL can only be accessed from a private endpoint. This - configuration strictly disables access from any public address space outside - of Azure IP range, and denies all logins that match IP or virtual network-based - firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + configuration disables access from any public address space outside of Azure + IP range, and denies all logins that match IP or virtual network-based firewall + rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b52376f7-9612-48a1-81cd-1ffe4b61032c\"},{\"properties\":{\"displayName\":\"Service Fabric clusters should only use Azure Active Directory for client authentication\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit usage of client authentication only via Azure Active Directory in Service @@ -26021,7 +34594,16 @@ interactions: enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"notContains\":\"functionapp\"},{\"field\":\"kind\",\"notContains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/httpLoggingEnabled\",\"equals\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/requestTracingEnabled\",\"equals\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts with private endpoints \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + CosmosDB account, you can reduce data leakage risks. Learn more about private + links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointSubnetId\",\"description\":\"A + subnet in the location\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"privateEndpointGroupId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"privateEndpointGroupId\",\"description\":\"A + group Id for the private endpoint\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"String\"},\"serviceId\":{\"type\":\"String\"},\"privateEndpointSubnetId\":{\"type\":\"String\"},\"privateEndpointGroupId\":{\"type\":\"String\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"privateEndpointGroupId\":{\"type\":\"String\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"[parameters('privateEndpointGroupId')]\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"privateEndpointGroupId\":{\"value\":\"[parameters('privateEndpointGroupId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b609e813-3156-4079-91fa-a8494c1471c4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b609e813-3156-4079-91fa-a8494c1471c4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6747bf9-2b97-45b8-b162-3c8becb9937d\"},{\"properties\":{\"displayName\":\"Microsoft @@ -26037,17 +34619,53 @@ interactions: at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you - understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit + understand, diagnose, and gain insights to your network in Azure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"listOfLocations\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Locations\",\"description\":\"Audit if Network Watcher is not enabled for region(s).\",\"strongType\":\"location\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"NetworkWatcher resource group name\",\"description\":\"Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers - are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft + are located.\"},\"defaultValue\":\"NetworkWatcherRG\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/networkWatchers\",\"resourceGroupName\":\"[parameters('resourceGroupName')]\",\"existenceCondition\":{\"field\":\"location\",\"in\":\"[parameters('listOfLocations')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1608 - Supply Chain Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1401 - Controlled Maintenance\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"API + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b78ee928-e3c1-4569-ad97-9f8c4b629847\"},{\"properties\":{\"displayName\":\"Deploy + - Configure diagnostic settings for SQL Databases to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys + the diagnostic settings for SQL Databases to stream resource logs to a Log + Analytics workspace when any SQL Database which is missing this diagnostic + settings is created or updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"diagnosticsSettingNameToUse\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Setting + name\",\"description\":\"Name of the diagnostic settings.\"},\"defaultValue\":\"SQLDatabaseDiagnosticsLogsToWorkspace\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select the Log Analytics workspace + from dropdown list\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreRuntimeStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreRuntimeStatistics + logs to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"QueryStoreWaitStatistics + - Enabled\",\"description\":\"Whether to stream QueryStoreWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"ErrorsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Errors + - Enabled\",\"description\":\"Whether to stream Errors logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"DatabaseWaitStatistics + - Enabled\",\"description\":\"Whether to stream DatabaseWaitStatistics logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"BlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Blocks + - Enabled\",\"description\":\"Whether to stream Blocks logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLInsightsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLInsights + - Enabled\",\"description\":\"Whether to stream SQLInsights logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SQLSecurityAuditEvents + - Enabled\",\"description\":\"Whether to stream SQLSecurityAuditEvents logs + to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"TimeoutsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Timeouts + - Enabled\",\"description\":\"Whether to stream Timeouts logs to the Log Analytics + workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"AutomaticTuningEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"AutomaticTuning + - Enabled\",\"description\":\"Whether to stream AutomaticTuning logs to the + Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"DeadlocksEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Deadlocks + - Enabled\",\"description\":\"Whether to stream Deadlocks logs to the Log + Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"Basic\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Basic + (metric) - Enabled\",\"description\":\"Whether to stream Basic metrics to + the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"InstanceAndAppAdvanced\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"InstanceAndAppAdvanced + (metric) - Enabled\",\"description\":\"Whether to stream InstanceAndAppAdvanced + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"},\"WorkloadManagement\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"WorkloadManagement + (metric) - Enabled\",\"description\":\"Whether to stream WorkloadManagement + metrics to the Log Analytics workspace - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers/databases\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"True\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"matchInsensitively\":\"[parameters('logAnalytics')]\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"diagnosticsSettingNameToUse\":{\"type\":\"string\"},\"resourceName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"Basic\":{\"type\":\"string\"},\"InstanceAndAppAdvanced\":{\"type\":\"string\"},\"WorkloadManagement\":{\"type\":\"string\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"type\":\"string\"},\"QueryStoreWaitStatisticsEnabled\":{\"type\":\"string\"},\"ErrorsEnabled\":{\"type\":\"string\"},\"DatabaseWaitStatisticsEnabled\":{\"type\":\"string\"},\"BlocksEnabled\":{\"type\":\"string\"},\"SQLInsightsEnabled\":{\"type\":\"string\"},\"SQLSecurityAuditEventsEnabled\":{\"type\":\"string\"},\"TimeoutsEnabled\":{\"type\":\"string\"},\"AutomaticTuningEnabled\":{\"type\":\"string\"},\"DeadlocksEnabled\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), + '/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"metrics\":[{\"category\":\"Basic\",\"enabled\":\"[parameters('Basic')]\"},{\"category\":\"InstanceAndAppAdvanced\",\"enabled\":\"[parameters('InstanceAndAppAdvanced')]\"},{\"category\":\"WorkloadManagement\",\"enabled\":\"[parameters('WorkloadManagement')]\"}],\"logs\":[{\"category\":\"SQLInsights\",\"enabled\":\"[parameters('SQLInsightsEnabled')]\"},{\"category\":\"AutomaticTuning\",\"enabled\":\"[parameters('AutomaticTuningEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},{\"category\":\"Errors\",\"enabled\":\"[parameters('ErrorsEnabled')]\"},{\"category\":\"DatabaseWaitStatistics\",\"enabled\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},{\"category\":\"Timeouts\",\"enabled\":\"[parameters('TimeoutsEnabled')]\"},{\"category\":\"Blocks\",\"enabled\":\"[parameters('BlocksEnabled')]\"},{\"category\":\"Deadlocks\",\"enabled\":\"[parameters('DeadlocksEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"Basic\":{\"value\":\"[parameters('Basic')]\"},\"InstanceAndAppAdvanced\":{\"value\":\"[parameters('InstanceAndAppAdvanced')]\"},\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('diagnosticsSettingNameToUse')]\"},\"WorkloadManagement\":{\"value\":\"[parameters('WorkloadManagement')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"},\"QueryStoreRuntimeStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreRuntimeStatisticsEnabled')]\"},\"QueryStoreWaitStatisticsEnabled\":{\"value\":\"[parameters('QueryStoreWaitStatisticsEnabled')]\"},\"ErrorsEnabled\":{\"value\":\"[parameters('ErrorsEnabled')]\"},\"DatabaseWaitStatisticsEnabled\":{\"value\":\"[parameters('DatabaseWaitStatisticsEnabled')]\"},\"BlocksEnabled\":{\"value\":\"[parameters('BlocksEnabled')]\"},\"SQLInsightsEnabled\":{\"value\":\"[parameters('SQLInsightsEnabled')]\"},\"SQLSecurityAuditEventsEnabled\":{\"value\":\"[parameters('SQLSecurityAuditEventsEnabled')]\"},\"TimeoutsEnabled\":{\"value\":\"[parameters('TimeoutsEnabled')]\"},\"AutomaticTuningEnabled\":{\"value\":\"[parameters('AutomaticTuningEnabled')]\"},\"DeadlocksEnabled\":{\"value\":\"[parameters('DeadlocksEnabled')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b79fa14e-238a-4c2d-b376-442ce508fc84\"},{\"properties\":{\"displayName\":\"API App should only be accessible over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App @@ -26071,7 +34689,15 @@ interactions: '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\"location\":\"[parameters('location')]\",\"properties\":{\"guestConfiguration\":{\"name\":\"[parameters('configurationName')]\",\"version\":\"1.*\",\"configurationParameter\":[{\"name\":\"[LocalGroup]AdministratorsGroup;Members\",\"value\":\"[parameters('Members')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b821191b-3a12-44bc-9c38-212138a29ff3\"},{\"properties\":{\"displayName\":\"Event + Hub namespaces should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Event Hub namespaces, data + leakage risks are reduced. Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventHub/namespaces\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.EventHub/namespaces/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.EventHub/namespaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"b8564268-eb4a-4337-89be-a19db070c59d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -26124,17 +34750,27 @@ interactions: category: 'Security Options - Recovery console'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsRecoveryconsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"},{\"properties\":{\"displayName\":\"Azure - Machine Learning workspaces should be encrypted with a customer-managed key - (CMK)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Evaluate - Azure Machine Learning workspaces that do not have encryption enabled with - customer-managed keys (CMK). Customer-managed keys add an additional layer - of security for workspaces. For more information, visit https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Machine + Machine Learning workspaces should be encrypted with a customer-managed key\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Manage + encryption at rest of Azure Machine Learning workspace data with customer-managed + keys. By default, customer data is encrypted with service-managed keys, but + customer-managed keys are commonly required to meet regulatory compliance + standards. Customer-managed keys enable the data to be encrypted with an Azure + Key Vault key created and owned by you. You have full control and responsibility + for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.\",\"metadata\":{\"version\":\"1.0.3\",\"category\":\"Machine Learning\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.MachineLearningServices/workspaces\"},{\"not\":{\"field\":\"Microsoft.MachineLearningServices/workspaces/encryption.status\",\"equals\":\"enabled\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ba769a63-b8cc-4b2d-abf6-ac33c7204be8\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid topics to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"topic\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"topic-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baf19753-7502-405f-8745-370519b20483\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1726 - Information Handling And Retention\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"},{\"properties\":{\"displayName\":\"Microsoft @@ -26147,9 +34783,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your non-internet-facing virtual machines from potential threats by restricting access with network security groups (NSG). Learn more about controlling traffic - with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + with NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"a9341235-9389-42f0-a0bf-9bfb57960d44\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bb91dfba-c30d-4263-9add-9c2384e659a6\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -26240,15 +34876,33 @@ interactions: IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be - reviewed by the network security team.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + reviewed by the network security team.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b51c94-588b-426b-a892-24696f9e54cc\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd352bd5-2853-4985-bf0d-73806b4a5744\"},{\"properties\":{\"displayName\":\"Container + registries should have SKUs that support Private Links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your container registries + instead of the entire service, data leakage risks are reduced. Learn more + at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"notEquals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\"},{\"properties\":{\"displayName\":\"[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"SQL\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"Disabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/managedInstances\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/managedInstances/securityAlertPolicies\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\"equals\":\"\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bda18df3-5e41-4709-add9-2554ce68c966\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for DNS should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for DNS provides an additional layer of protection for your cloud + resources by continuously monitoring all DNS queries from your Azure resources. + Azure Defender alerts you about suspicious activity at the DNS layer. Learn + more about the capabilities of Azure Defender for DNS at https://aka.ms/defender-for-dns + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Dns\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bdc59948-5574-49b3-bb91-76b7c986428d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bdc59948-5574-49b3-bb91-76b7c986428d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -26280,15 +34934,13 @@ interactions: to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NumberOfDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Number of days\",\"description\":\"The number of days without restart until the machine is considered non-compliant\"},\"defaultValue\":\"12\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"MachineLastBootUpTime\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"},{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\"equals\":\"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', - '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Audit - Windows machines on which Windows Defender Exploit Guard is not enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires - that prerequisites are deployed to the policy assignment scope. For details, - visit https://aka.ms/gcpol. Machines are non-compliant if the PowerShell command - Get-MPPreference returns configuration details that does not match expected - values. Windows Defender Exploit Guard helps protect against malware that - uses exploits to infect devices and spread. Exploit Guard protection consists - of a number of mitigations that can be applied to either the operating system - or individual apps.\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.0\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include + '=', parameters('NumberOfDays')))]\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/beb6ccee-b6b8-4e91-9801-a5fa4260a104\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"beb6ccee-b6b8-4e91-9801-a5fa4260a104\"},{\"properties\":{\"displayName\":\"Windows + Defender Exploit Guard should be enabled on your machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows + Defender Exploit Guard uses the Azure Policy Guest Configuration agent. Exploit + Guard has four components that are designed to lock down devices against a + wide variety of attack vectors and block behaviors commonly used in malware + attacks while enabling enterprises to balance their security risk and productivity + requirements (Windows only).\",\"metadata\":{\"category\":\"Guest Configuration\",\"version\":\"1.1.1\",\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"WindowsDefenderExploitGuard\",\"version\":\"1.*\",\"configurationParameter\":{\"NotAvailableMachineState\":\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\"}}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"NotAvailableMachineState\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Status if Windows Defender is not available on machine\",\"description\":\"Windows @@ -26331,7 +34983,17 @@ interactions: Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"A + private endpoint is a private IP address allocated inside a customer-owned + virtual network via which an Azure resource is reachable. This policy deploys + a private endpoint for your IoT hub to allow services inside your virtual + network to reach IoT Hub without requiring traffic to be sent to IoT Hub's + public endpoint.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Devices/IotHubs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Devices/IotHubs/PrivateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"iotHub\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf684997-3909-404e-929c-d4a38ed23b2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf684997-3909-404e-929c-d4a38ed23b2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"},{\"properties\":{\"displayName\":\"[Deprecated]: @@ -26356,7 +35018,55 @@ interactions: Group Membership;ExpectedValue\",\"value\":\"[parameters('AuditGroupMembership')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Only + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c04255ee-1b9f-42c1-abaa-bf1553f79930\"},{\"properties\":{\"displayName\":\"Configure + Kubernetes clusters with specified GitOps configuration using SSH secrets\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy + a 'sourceControlConfiguration' to Kubernetes clusters to assure that the clusters + get their source of truth for workloads and configurations from the defined + git repo. This definition requires a SSH private key secret in Key Vault. + For instructions, visit https://aka.ms/K8sGitOpsPolicy.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"configurationResourceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Configuration + resource name\",\"description\":\"The name for the sourceControlConfiguration. + \ Learn more about setting up GitOps configuration: https://aka.ms/AzureArcK8sUsingGitOps.\"}},\"operatorInstanceName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + instance name\",\"description\":\"Name used in the operator instances. Maximum + of 23 lowercase alphanumeric characters or hyphen. Must start and end with + an alphanumeric character.\"}},\"operatorNamespace\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + namespace\",\"description\":\"Namespace within which the operators will be + installed. Maximum of 23 lowercase alphanumeric characters or hyphen. Must + start and end with an alphanumeric character.\"}},\"operatorScope\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + scope\",\"description\":\"The permission scope for the operator. Possible + values are 'cluster' (full access) or 'namespace' (restricted access).\"},\"allowedValues\":[\"cluster\",\"namespace\"],\"defaultValue\":\"namespace\"},\"operatorType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + type\",\"description\":\"The type of operator to install. Currently, 'Flux' + is supported.\"},\"allowedValues\":[\"Flux\"],\"defaultValue\":\"Flux\"},\"operatorParams\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Operator + parameters\",\"description\":\"Parameters to set on the Flux operator, separated + by spaces. For example, --git-readonly --sync-garbage-collection. Learn + more: http://aka.ms/AzureArcK8sFluxOperatorParams.\"},\"defaultValue\":\"\"},\"repositoryUrl\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Repository + Url\",\"description\":\"The URL for the source control repository. Learn more + about URL formats: https://aka.ms/GitOpsRepoUrlParameters\"}},\"enableHelmOperator\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable + Helm\",\"description\":\"Indicate whether to enable Helm for this instance + of Flux. Learn more: http://aka.ms/AzureArcK8sGitOpsWithHelm.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\"},\"chartVersion\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart version for installing Flux Helm\",\"description\":\"The version of + the Helm chart for installing Flux Helm. For example, 1.2.0\"},\"defaultValue\":\"1.2.0\"},\"chartValues\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Helm + chart parameters for installing Flux Helm\",\"description\":\"Parameters for + the Helm chart for installing Flux Helm, separated by spaces. For example, + --set helm.versions=v3\"},\"defaultValue\":\"\"},\"sshKnownHostsContents\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Base64-encoded + known hosts content\",\"description\":\"The base64-encoded known hosts content.\"},\"defaultValue\":\"\"},\"keyVaultResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Key + Vault resource id\",\"description\":\"The resource id for the Key Vault that + holds the SSH or HTTPS secrets. For example: '/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/'\",\"strongType\":\"Microsoft.KeyVault/vaults\",\"assignPermissions\":\"true\"},\"defaultValue\":\"\"},\"sshPrivateKeyKeyVaultSecretName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"SSH + private key Key Vault secret\",\"description\":\"The name of the Key Vault + secret that holds the base64-encoded SSH private key.\"},\"defaultValue\":\"\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"auditIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations\",\"name\":\"[parameters('configurationResourceName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deploymentScope\":\"ResourceGroup\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/operatorParams\",\"in\":[\"[parameters('operatorParams')]\",\"[concat('--git-readonly + ',parameters('operatorParams'))]\"]},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/repositoryUrl\",\"equals\":\"[parameters('repositoryUrl')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/sshKnownHostsContents\",\"equals\":\"[parameters('sshKnownHostsContents')]\"},{\"anyOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/enableHelmOperator\",\"equals\":\"true\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartVersion\",\"equals\":\"[parameters('chartVersion')]\"},{\"field\":\"Microsoft.KubernetesConfiguration/sourceControlConfigurations/helmOperatorProperties.chartValues\",\"equals\":\"[parameters('chartValues')]\"}]}]}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"configurationResourceName\":{\"type\":\"string\"},\"clusterLocation\":{\"type\":\"string\"},\"clusterName\":{\"type\":\"string\"},\"operatorInstanceName\":{\"type\":\"string\"},\"operatorNamespace\":{\"type\":\"string\"},\"operatorScope\":{\"type\":\"string\"},\"operatorType\":{\"type\":\"string\"},\"operatorParams\":{\"type\":\"string\"},\"repositoryUrl\":{\"type\":\"string\"},\"enableHelmOperator\":{\"type\":\"string\"},\"chartVersion\":{\"type\":\"string\"},\"chartValues\":{\"type\":\"string\"},\"sshKnownHostsContents\":{\"type\":\"string\"},\"sshPrivateKey\":{\"type\":\"securestring\"},\"clusterResourceType\":{\"type\":\"string\"}},\"resources\":[{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('connectedclusters'))]\",\"type\":\"Microsoft.Kubernetes/connectedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}},{\"condition\":\"[contains(toLower(parameters('clusterResourceType')), + toLower('managedclusters'))]\",\"type\":\"Microsoft.ContainerService/managedClusters/providers/sourceControlConfigurations\",\"name\":\"[concat(parameters('clusterName'), + '/Microsoft.KubernetesConfiguration/', parameters('configurationResourceName'))]\",\"apiVersion\":\"2021-03-01\",\"properties\":{\"operatorInstanceName\":\"[parameters('operatorInstanceName')]\",\"operatorNamespace\":\"[parameters('operatorNamespace')]\",\"operatorScope\":\"[parameters('operatorScope')]\",\"operatorType\":\"[parameters('operatorType')]\",\"operatorParams\":\"[parameters('operatorParams')]\",\"repositoryUrl\":\"[parameters('repositoryUrl')]\",\"enableHelmOperator\":\"[parameters('enableHelmOperator')]\",\"helmOperatorProperties\":{\"chartVersion\":\"[parameters('chartVersion')]\",\"chartValues\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":\"[parameters('sshKnownHostsContents')]\",\"configurationProtectedSettings\":{\"sshPrivateKey\":\"[parameters('sshPrivateKey')]\"}}}]},\"parameters\":{\"clusterLocation\":{\"value\":\"[field('location')]\"},\"clusterName\":{\"value\":\"[field('name')]\"},\"configurationResourceName\":{\"value\":\"[parameters('configurationResourceName')]\"},\"operatorInstanceName\":{\"value\":\"[parameters('operatorInstanceName')]\"},\"operatorNamespace\":{\"value\":\"[parameters('operatorNamespace')]\"},\"operatorScope\":{\"value\":\"[parameters('operatorScope')]\"},\"operatorType\":{\"value\":\"[parameters('operatorType')]\"},\"operatorParams\":{\"value\":\"[parameters('operatorParams')]\"},\"repositoryUrl\":{\"value\":\"[parameters('repositoryUrl')]\"},\"enableHelmOperator\":{\"value\":\"[parameters('enableHelmOperator')]\"},\"chartVersion\":{\"value\":\"[parameters('chartVersion')]\"},\"chartValues\":{\"value\":\"[parameters('chartValues')]\"},\"sshKnownHostsContents\":{\"value\":\"[parameters('sshKnownHostsContents')]\"},\"sshPrivateKey\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('sshPrivateKeyKeyVaultSecretName')]\"}},\"clusterResourceType\":{\"value\":\"[field('type')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c050047b-b21b-4822-8a2d-c1e37c3c0c6a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c050047b-b21b-4822-8a2d-c1e37c3c0c6a\"},{\"properties\":{\"displayName\":\"Configure + private endpoint connections on Azure Automation accounts\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoint connections allow secure communication by enabling private connectivity + to Azure Automation accounts without a need for public IP addresses at the + source or destination. Learn more about private endpoints in Azure Automation + at https://docs.microsoft.com/azure/automation/how-to/private-link-security.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Automation\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Automation/automationAccounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.Automation/automationAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'Webhook')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"Webhook\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}},{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[concat(variables('privateEndpointName'),'DSCAndHybridWorker')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"DSCAndHybridWorker\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c0c3130e-7dda-4187-aed0-ee4a472eaa60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c0c3130e-7dda-4187-aed0-ee4a472eaa60\"},{\"properties\":{\"displayName\":\"Only approved VM extensions should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy governs the virtual machine extensions that are not approved.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Compute\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"approvedExtensions\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -26502,7 +35212,8 @@ interactions: for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, - verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Network\"},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure + verifying compliance, detecting intrusions and more.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/flowLogs[*]\"},\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c251913d-7d24-4958-af87-478ed3b9ba41\"},{\"properties\":{\"displayName\":\"Azure Defender for container registries should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Defender for container registries provides vulnerability scanning of any images pulled within the last 30 days, pushed to your registry, or imported, and @@ -26533,19 +35244,37 @@ interactions: Box\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The desired effect of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"supportedSKUs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Supported SKUs\",\"description\":\"The list of SKUs that support software-based double - encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Microsoft + encryption\"},\"allowedValues\":[\"DataBox\",\"DataBoxHeavy\"],\"defaultValue\":[\"DataBox\",\"DataBoxHeavy\"]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataBox/jobs\"},{\"field\":\"Microsoft.Databox/jobs/sku.name\",\"in\":\"[parameters('supportedSKUs')]\"},{\"field\":\"Microsoft.DataBox/jobs/details.preferences.encryptionPreferences.doubleEncryption\",\"notEquals\":\"Enabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c349d81b-9985-44ae-a8da-ff98d108ede8\"},{\"properties\":{\"displayName\":\"Azure + Key Vault Managed HSM should have purge protection enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Malicious + deletion of an Azure Key Vault Managed HSM can lead to permanent data loss. + A malicious insider in your organization can potentially delete and purge + Azure Key Vault Managed HSM. Purge protection protects you from insider attacks + by enforcing a mandatory retention period for soft deleted Azure Key Vault + Managed HSM. No one inside your organization or Microsoft will be able to + purge your Azure Key Vault Managed HSM during the soft delete retention period.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Key + Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/managedHsms\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault/managedHsms/enableSoftDelete\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.KeyVault/managedHsms/enablePurgeProtection\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39ba22d-4428-4149-b981-70acb31fc383\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1389 - Information Spillage Response\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c39e6fda-ae70-4891-a739-be7bba6d1062\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"System + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Defender for Resource Manager should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure + Defender for Resource Manager automatically monitors the resource management + operations in your organization. Azure Defender detects threats and alerts + you about suspicious activity. Learn more about the capabilities of Azure + Defender for Resource Manager at https://aka.ms/defender-for-resource-manager + . Enabling this Azure Defender plan results in charges. Learn about the pricing + details per region on Security Center's pricing page: https://aka.ms/pricing-security-center + .\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/pricings\",\"name\":\"Arm\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"field\":\"Microsoft.Security/pricings/pricingTier\",\"equals\":\"Standard\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3d20c29-b36d-48fe-808b-99a87530ad99\"},{\"properties\":{\"displayName\":\"System updates on virtual machine scale sets should be installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine - scale sets are secure.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + scale sets are secure.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"bd20bd91-aaf1-7f14-b6e4-866de2f43146\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -26575,9 +35304,9 @@ interactions: implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4aff9e7-2e60-46fa-86be-506b79033fc5\"},{\"properties\":{\"displayName\":\"Managed identity should be used in your API App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use - a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + a managed identity for enhanced authentication security\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"anyOf\":[{\"field\":\"Microsoft.Web/sites/config/managedServiceIdentityId\",\"exists\":\"true\"},{\"field\":\"Microsoft.Web/sites/config/xmanagedServiceIdentityId\",\"exists\":\"true\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"},{\"properties\":{\"displayName\":\"Authentication should be enabled on your API app\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they @@ -26737,27 +35466,25 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c69b870e-857b-458b-af02-bb234f7a00d3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"[Preview]: - Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"},{\"properties\":{\"displayName\":\"Deploy + Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific - categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Profile name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Log Analytics workspace\",\"description\":\"Select Log Analytics workspace - from dropdown list. If this workspace is outside of the scope of the assignment + categories are not enabled, a new diagnostic setting is created.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"Backup\"},\"parameters\":{\"profileName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Profile + name\",\"description\":\"The diagnostic settings profile name\"},\"defaultValue\":\"setbypolicy_logAnalytics\"},\"logAnalytics\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Analytics workspace\",\"description\":\"Select Log Analytics workspace from + dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) - to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Name\",\"description\":\"Name of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Exclusion Tag Value\",\"description\":\"Value of the tag to use for excluding - vaults from this policy. This should be used along with the Exclusion Tag - Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), + to the policy assignment's principal ID.\",\"strongType\":\"omsWorkspace\",\"assignPermissions\":true}},\"tagName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Name\",\"description\":\"Name of the tag to use for excluding vaults from + this policy. This should be used along with the Exclusion Tag Value parameter.\"},\"defaultValue\":\"\"},\"tagValue\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Exclusion + Tag Value\",\"description\":\"Value of the tag to use for excluding vaults + from this policy. This should be used along with the Exclusion Tag Name parameter.\"},\"defaultValue\":\"\"}},\"policyRule\":{\"if\":{\"allof\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"not\":{\"field\":\"[concat('tags[',parameters('tagName'), ']')]\",\"equals\":\"[parameters('tagValue')]\"}}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"allof\":[{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"allof\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Category\",\"in\":[\"CoreAzureBackup\",\"AddonAzureBackupJobs\",\"AddonAzureBackupAlerts\",\"AddonAzureBackupPolicy\",\"AddonAzureBackupStorage\",\"AddonAzureBackupProtectedInstance\"]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].Enabled\",\"equals\":\"True\"}]}},\"Equals\":6},{\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\",\"notEquals\":\"\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType\",\"equals\":\"Dedicated\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vaultName\":{\"type\":\"string\"},\"logAnalytics\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.RecoveryServices/vaults/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"dependsOn\":[],\"properties\":{\"workspaceId\":\"[parameters('logAnalytics')]\",\"logAnalyticsDestinationType\":\"Dedicated\",\"metrics\":[],\"logs\":[{\"category\":\"CoreAzureBackup\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupAlerts\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupJobs\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupPolicy\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupProtectedInstance\",\"enabled\":\"true\"},{\"category\":\"AddonAzureBackupStorage\",\"enabled\":\"true\"}]}}],\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), - 'configured for diagnostic logs for ', ': ', parameters('vaultName'), '/', - 'Microsoft.Insights/', parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft + 'configured for resource logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', + parameters('profileName'))]\"}}},\"parameters\":{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"vaultName\":{\"value\":\"[field('name')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c717fb0c-d118-4c43-ab3d-ece30ac81fb3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1619 - Information In Shared Resources\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c722e569-cb52-45f3-a643-836547d016e1\"},{\"properties\":{\"displayName\":\"Microsoft @@ -26821,15 +35548,15 @@ interactions: This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Diagnostic + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/flexibleServers\"},{\"field\":\"Microsoft.DBforMySQL/flexibleServers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9299215-ae47-4f50-9c54-8a392f68a052\"},{\"properties\":{\"displayName\":\"Resource logs in Data Lake Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Data + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Data Lake\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeAnalytics/accounts\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of @@ -26851,6 +35578,17 @@ interactions: toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c96f3246-4382-4264-bf6b-af0b35e23c3c\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure IoT Hubs to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private DNS provides a reliable, secure DNS service to manage and resolve + domain names in a virtual network without the need to add a custom DNS solution. + You can use private DNS zones to override the DNS resolution by using your + own custom domain names for a private endpoint. This policy deploys a private + DNS Zone for IoT Hub private endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"iotHub\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink.azure-devices.net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy automatically deploys diagnostic settings to network security groups. A storage account with name '{storagePrefixParameter}{NSGLocation}' will be @@ -26871,11 +35609,30 @@ interactions: network rules. These services will then use strong authentication to access the storage account.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Storage\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Storage/storageAccounts\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"exists\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\"notContains\":\"AzureServices\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c9d007d0-c057-4772-b18c-01e546713bcd\"},{\"properties\":{\"displayName\":\"App - Configuration should use a private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private - endpoint connections allow clients on a virtual network to securely access - Azure App Configuration over a private link.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App + Configuration should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to your app configuration instances + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/appconfig/private-endpoint.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"App Configuration\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.AppConfiguration/configurationStores\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.AppConfiguration/configurationStores/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca610c1d-041c-4332-9d88-7ed3094967c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca610c1d-041c-4332-9d88-7ed3094967c7\"},{\"properties\":{\"displayName\":\"[Preview]: + Deploy - Configure Windows Azure Monitor agent to enable Azure Monitor assignments + on Windows virtual machines\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Configure + Windows Azure Monitor agent to Windows virtual machines hosted in Azure that + are supported by Azure Monitor. Azure Monitor agent collects events from the + virtual machine that can be used to provide recommendations. Target virtual + machines must be in a supported location.\",\"metadata\":{\"category\":\"Monitoring\",\"version\":\"1.0.0-preview\",\"preview\":true},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"location\",\"in\":[\"australiacentral\",\"australiaeast\",\"australiasoutheast\",\"centralindia\",\"centralus\",\"eastasia\",\"eastus2euap\",\"eastus\",\"eastus2\",\"germanywestcentral\",\"japaneast\",\"northcentralus\",\"northeurope\",\"southcentralus\",\"southeastasia\",\"uksouth\",\"westcentralus\",\"westeurope\",\"westus\",\"westus2\"]},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]}]},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"AzureMonitorWindowsAgent\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitor\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\",\"equals\":\"AzureMonitorWindowsAgent\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\"equals\":\"Succeeded\"}]},\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"vmName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"name\":\"[concat(parameters('vmName'), + '/AzureMonitorWindowsAgent')]\",\"apiVersion\":\"2019-07-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.Azure.Monitor\",\"type\":\"AzureMonitorWindowsAgent\",\"typeHandlerVersion\":\"1.0\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca817e41-e85a-4783-bc7f-dc532d36235e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca817e41-e85a-4783-bc7f-dc532d36235e\"},{\"properties\":{\"displayName\":\"Managed + disks should be double encrypted with both platform-managed and customer-managed + keys\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"High + security sensitive customers who are concerned of the risk associated with + any particular encryption algorithm, implementation, or key being compromised + can opt for additional layer of encryption using a different encryption algorithm/mode + at the infrastructure layer using platform managed encryption keys. The disk + encryption sets are required to use double encryption. Learn more at https://aka.ms/disks-doubleEncryption.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/diskEncryptionSets\"},{\"field\":\"Microsoft.Compute/diskEncryptionSets/encryptionType\",\"notEquals\":\"EncryptionAtRestWithPlatformAndCustomerKeys\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca91455f-eace-4f96-be59-e6e2c35b4816\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ca94b046-45e2-444f-a862-dc8ce262a516\"},{\"properties\":{\"displayName\":\"Microsoft @@ -26921,9 +35678,9 @@ interactions: Sensitive data in your SQL databases should be classified\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive - data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Security + data in your databases for better monitoring and security\",\"metadata\":{\"version\":\"3.0.0-preview\",\"category\":\"Security Center\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers/databases\",\"Microsoft.Sql/managedInstances/databases\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"b0df6f56-862d-4730-8597-38c0fd4ebd59\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"},{\"properties\":{\"displayName\":\"Allowed virtual machine size SKUs\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Compute\"},\"parameters\":{\"listOfAllowedSKUs\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The @@ -26958,7 +35715,7 @@ interactions: export to Event Hub configuration with your conditions and target Event Hub on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and - create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group @@ -26966,17 +35723,20 @@ interactions: group can only have one export to Event Hub configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Event Hub configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;Secure scores;Secure score controls;\"},\"allowedValues\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall - secure score\",\"Secure score controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -26987,30 +35747,52 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"eventHubDetails\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Event Hub details\",\"description\":\"The Event Hub details of where the data should be exported to: Subscription, Event Hub Namespace, Event Hub, and Authorizations - rules with 'Send' claim. If you do not already have an event hub, visit Event - Hubs to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.EventHub%2Fnamespaces).\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + rules with 'Send' claim.\",\"strongType\":\"Microsoft.EventHub/namespaces/eventhubs/authorizationrules\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"exportToEventHub\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"eventHubDetails\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"SeperatedEventHubDetails\":\"[split(parameters('eventHubDetails'),'/')]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"exportToEventHub\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Event Hub via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', @@ -27019,7 +35801,7 @@ interactions: '/', variables('SeperatedEventHubDetails')[3], '/', variables('SeperatedEventHubDetails')[4], '/', variables('SeperatedEventHubDetails')[5], '/', variables('SeperatedEventHubDetails')[6], '/', variables('SeperatedEventHubDetails')[7], '/', variables('SeperatedEventHubDetails')[8], - '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: + '/', variables('SeperatedEventHubDetails')[9], '/', variables('SeperatedEventHubDetails')[10])]\",\"connectionString\":\"[listkeys(parameters('eventHubDetails'),'2017-04-01').primaryConnectionString]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"eventHubDetails\":{\"value\":\"[parameters('eventHubDetails')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cdfcce10-4578-4ecd-9703-530938e4abcb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cdfcce10-4578-4ecd-9703-530938e4abcb\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows virtual machines @@ -27049,15 +35831,15 @@ interactions: Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"},{\"properties\":{\"displayName\":\"Resource logs in Key Vault should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Key + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Key Vault\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault/vaults\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"cf820ca0-f99e-4f3e-84fb-66e913812d21\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -27065,15 +35847,15 @@ interactions: Managed Control 1724 - Error Handling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d07594d1-0307-4c08-94db-5d71ff31f0f6\"},{\"properties\":{\"displayName\":\"Container - registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have any network or firewall (IP) rules configured - and so allow all network access by default. Restricting network access protects - container registries from potential threats. Container registries with at - least one IP / firewall rule or configured virtual network are deemed compliant. - For more information on Container Registry network rules, visit: https://aka.ms/acr/portal/public-network - and https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should not allow unrestricted network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + container registries by default accept connections over the internet from + hosts on any network. To protect your registries from potential threats, allow + access from only specific public IP addresses or address ranges. If your registry + doesn't have an IP/firewall rule or a configured virtual network, it will + appear in the unhealthy resources. Learn more about Container Registry network + rules here: https://aka.ms/acr/portal/public-network and here https://aka.ms/acr/vnet.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"anyof\":[{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"exists\":\"false\"},{\"field\":\"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\"equals\":\"Allow\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0793b48-0edc-4296-a390-4c75d1bdfd71\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1084 - Publicly Accessible Content\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"},{\"properties\":{\"displayName\":\"Add @@ -27110,12 +35892,13 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d1e1d65c-1013-4484-bd54-991332e6a0d2\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Guest - Configuration extension should be deployed to Azure virtual machines with - system assigned managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"},{\"properties\":{\"displayName\":\"Virtual + machines' Guest Configuration extension should be deployed with system-assigned + managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The Guest Configuration extension requires a system assigned managed identity. - This policy will report instances of the extension as non-compliant when the - machine where it is installed does not have a system assigned managed identity.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + Azure virtual machines in the scope of this policy will be non-compliant when + they have the Guest Configuration extension installed but do not have a system + assigned managed identity. Learn more at https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines/extensions\"},{\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\",\"equals\":\"Microsoft.GuestConfiguration\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachines\",\"name\":\"[first(split(field('fullName'), '/'))]\",\"existenceCondition\":{\"field\":\"identity.type\",\"contains\":\"SystemAssigned\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d26f7642-7545-4e18-9b75-8c9bbdee3a9a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27125,7 +35908,15 @@ interactions: Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d3531453-b869-4606-9122-29c1cd6e7ed1\"},{\"properties\":{\"displayName\":\"Deploy + - Configure Azure Event Grid domains to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. Learn + more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"domain\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"domain-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d389df0a-e0d7-4607-833c-75a6fdac2c2d\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Windows VMs on which @@ -27175,7 +35966,16 @@ interactions: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"}}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkInterfaces\"},{\"not\":{\"field\":\"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\"like\":\"[concat(parameters('virtualNetworkId'),'/*')]\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d416745a-506c-48b6-8ab1-83cb814bcaa3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1383 - Incident Response Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d4558451-e16a-4d2d-a066-fe12a6282bb9\"},{\"properties\":{\"displayName\":\"Managed + disks should use a specific set of disk encryption sets for the customer-managed + key encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requiring + a specific set of disk encryption sets to be used with managed disks give + you control over the keys used for encryption at rest. You are able to select + the allowed encrypted sets and all others are rejected when attached to a + disk. Learn more at https://aka.ms/disks-cmk.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"2.0.0\"},\"parameters\":{\"allowedEncryptionSets\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + disk encryption set\",\"description\":\"The list of allowed disk encryption + sets for managed disks.\",\"strongType\":\"Microsoft.Compute/diskEncryptionSets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/disks\"},{\"field\":\"Microsoft.Compute/disks/managedBy\",\"exists\":\"False\"},{\"field\":\"Microsoft.Compute/disks/encryption.diskEncryptionSetId\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.managedDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"count\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*]\"},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.osDiskImage.diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/galleries/images/versions\"},{\"value\":\"[length(field('Microsoft.Compute/galleries/images/versions/storageProfile.dataDiskImages[*]'))]\",\"greater\":0},{\"not\":{\"field\":\"Microsoft.Compute/galleries/images/versions/publishingProfile.targetRegions[*].encryption.dataDiskImages[*].diskEncryptionSetId\",\"in\":\"[parameters('allowedEncryptionSets')]\"}}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"field\":\"Microsoft.Compute/images/storageProfile.osDisk.diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/images\"},{\"value\":\"[length(field('Microsoft.Compute/images/storageProfile.dataDisks[*]'))]\",\"greater\":0},{\"field\":\"Microsoft.Compute/images/storageProfile.dataDisks[*].diskEncryptionSet.id\",\"notIn\":\"[parameters('allowedEncryptionSets')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d461a302-a187-421a-89ac-84acdb4edc04\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Interactive Logon'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Interactive Logon' for displaying last user name and requiring ctrl-alt-del. @@ -27187,7 +35987,16 @@ interactions: or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureBaseline_SecurityOptionsInteractiveLogon\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d472d2c9-d6a3-4500-9f5f-b15f123005aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d472d2c9-d6a3-4500-9f5f-b15f123005aa\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d530aad8-4ee2-45f4-b234-c061dae683c0\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs for Application Insights should be linked to a Log Analytics + workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + the Application Insights component to a Log Analytics workspace for logs encryption. + Customer-managed keys are commonly required to meet regulatory compliance + and for more control over the access to your data in Azure Monitor. Linking + your component to a Log Analytics workspace that's enabled with a customer-managed + key, ensures that your Application Insights logs meet this compliance requirement, + see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/components\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"equals\":\"\"},{\"field\":\"Microsoft.Insights/components/WorkspaceResourceId\",\"exists\":\"false\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d550e854-df1a-4de9-bf44-cd894b39a95e\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic @@ -27290,7 +36099,23 @@ interactions: auditing Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\"metadata\":{\"version\":\"1.0.0-deprecated\",\"category\":\"Guest - Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"Microsoft + Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"esri\",\"incredibuild\",\"MicrosoftDynamicsAX\",\"MicrosoftSharepoint\",\"MicrosoftVisualStudio\",\"MicrosoftWindowsDesktop\",\"MicrosoftWindowsServerHPCPack\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"dsvm-windows\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"standard-data-science-vm\",\"windows-data-science-vm\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"batch\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"rendering-windows2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"cis-windows-server-201*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"pivotal\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"bosh-windows-server*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloud-infrastructure-services\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"ad*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Windows*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"exists\":\"false\"},{\"allOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"2008*\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"notLike\":\"SQL2008*\"}]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"windows*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"WindowsSerialConsole\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that IoT Hub device provisioning + service instance isn't exposed on the public internet. Creating private endpoints + can limit exposure of the IoT Hub device provisioning instances. Learn more + at: https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"field\":\"Microsoft.Devices/provisioningServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d82101f3-f3ce-4fc5-8708-4c09f4009546\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d82101f3-f3ce-4fc5-8708-4c09f4009546\"},{\"properties\":{\"displayName\":\"Configure + Container registries with private endpoints\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Private + endpoints connect your virtual network to Azure services without a public + IP address at the source or destination. By mapping private endpoints to your + premium container registry resources, you can reduce data leakage risks. Learn + more at: https://aka.ms/privateendpoints and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateEndpointSubnetId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + endpoint subnet id\",\"description\":\"A subnet with private endpoint network + policies disabled.\",\"strongType\":\"Microsoft.Network/virtualNetworks/subnets\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"field\":\"Microsoft.ContainerRegistry/registries/sku.name\",\"equals\":\"Premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections\",\"existenceCondition\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections/privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"name\":{\"value\":\"[field('name')]\"},\"serviceId\":{\"value\":\"[field('id')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"name\":{\"type\":\"string\"},\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]\"},\"resources\":[{\"type\":\"Microsoft.Resources/deployments\",\"name\":\"[variables('privateEndpointName')]\",\"apiVersion\":\"2020-06-01\",\"properties\":{\"mode\":\"Incremental\",\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serviceId\":{\"type\":\"string\"},\"privateEndpointSubnetId\":{\"type\":\"string\"},\"subnetLocation\":{\"type\":\"string\"}},\"variables\":{\"privateEndpointName\":\"[deployment().name]\"},\"resources\":[{\"name\":\"[variables('privateEndpointName')]\",\"type\":\"Microsoft.Network/privateEndpoints\",\"apiVersion\":\"2020-07-01\",\"location\":\"[parameters('subnetLocation')]\",\"tags\":{},\"properties\":{\"subnet\":{\"id\":\"[parameters('privateEndpointSubnetId')]\"},\"privateLinkServiceConnections\":[{\"name\":\"[variables('privateEndpointName')]\",\"properties\":{\"privateLinkServiceId\":\"[parameters('serviceId')]\",\"groupIds\":[\"registry\"],\"requestMessage\":\"autoapprove\"}}],\"manualPrivateLinkServiceConnections\":[]}}]},\"parameters\":{\"serviceId\":{\"value\":\"[parameters('serviceId')]\"},\"privateEndpointSubnetId\":{\"value\":\"[parameters('privateEndpointSubnetId')]\"},\"subnetLocation\":{\"value\":\"[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]\"}}}}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d85c6833-7d33-4cf5-a915-aaa2de84405f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d85c6833-7d33-4cf5-a915-aaa2de84405f\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d8b43277-512e-40c3-ab00-14b3b6e72238\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27300,13 +36125,19 @@ interactions: Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d922484a-8cfc-4a6b-95a4-77d6a685407f\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MySQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MySQL can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall rules.\",\"metadata\":{\"version\":\"1.0.2\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DBforMySQL/servers\"},{\"field\":\"Microsoft.DBforMySQL/servers/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9844e8a-1437-4aeb-a32c-0c992f056095\"},{\"properties\":{\"displayName\":\"Azure + HDInsight clusters should use encryption in transit to encrypt communication + between Azure HDInsight cluster nodes\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Data + can be tampered with during transmission between Azure HDInsight cluster nodes. + Enabling encryption in transit addresses problems of misuse and tampering + during this transmission.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"HDInsight\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HDInsight/clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"exists\":false},{\"field\":\"Microsoft.HDInsight/clusters/encryptionInTransitProperties.isEncryptionInTransitEnabled\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d9da03a1-f3c3-412a-9709-947156872263\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d9da03a1-f3c3-412a-9709-947156872263\"},{\"properties\":{\"displayName\":\"Audit Windows machines that do not store passwords using reversible encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines @@ -27320,7 +36151,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3bfb53-9c46-4010-b3db-a7ba1296dada\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1516 - Personnel Termination\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da3cd269-156f-435b-b472-c3af34c032ed\"},{\"properties\":{\"displayName\":\"Configure + CosmosDB accounts to disable public network access \",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + public network access for your CosmosDB resource so that it's not accessible + over the public internet. This can reduce data leakage risks. Learn more at: + https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cosmos + DB\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Modify\",\"Disabled\"],\"defaultValue\":\"Modify\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DocumentDB/databaseAccounts\"},{\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\",\"/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\"],\"conflictEffect\":\"audit\",\"operations\":[{\"condition\":\"[greaterOrEquals(requestContext().apiVersion, + '2021-01-15')]\",\"operation\":\"addOrReplace\",\"field\":\"Microsoft.DocumentDB/databaseAccounts/publicNetworkAccess\",\"value\":\"Disabled\"}]}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"da69ba51-aaf1-41e5-8651-607cd0b37088\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Batch Account to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created @@ -27341,7 +36179,23 @@ interactions: '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"ServiceLog\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc43e829-3d50-4a0a-aa0f-428d551862aa\"},{\"properties\":{\"displayName\":\"Logic + Apps should be deployed into Integration Service Environment\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploying + Logic Apps into Integration Service Environment in a virtual network unlocks + advanced Logic Apps networking and security features and provides you with + greater control over your network configuration. Learn more at: https://aka.ms/integration-service-environment. + Deploying into Integration Service Environment also allows encryption with + customer-managed keys which provides enhanced data protection by allowing + you to manage your encryption keys. This is often to meet compliance requirements.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Logic + Apps\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Logic/workflows\"},{\"field\":\"Microsoft.Logic/workflows/integrationServiceEnvironment\",\"exists\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dc595cb1-1cde-45f6-8faf-f88874e1c0e1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dc595cb1-1cde-45f6-8faf-f88874e1c0e1\"},{\"properties\":{\"displayName\":\"Web + apps should use an Azure file share for its content directory\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"The + content directory of a web app should be located on an Azure file share. The + storage account information for the file share must be provided before any + publishing activity. To learn more about using Azure Files for hosting app + service content refer to https://go.microsoft.com/fwlink/?linkid=2151594.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App + Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"field\":\"Microsoft.Web/sites/storageAccountRequired\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dcbc65aa-59f3-4239-8978-3bb869d82604\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dcbc65aa-59f3-4239-8978-3bb869d82604\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1439 - Media Sanitization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Media Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27419,7 +36273,24 @@ interactions: DA extension for VM', ': ', parameters('vmName'))]\"}}},\"parameters\":{\"vmName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deacecc0-9f84-44d2-bb82-46f32d766d43\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1528 - Access Agreements\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"MariaDB + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deb9797c-22f8-40e8-b342-a84003c924e6\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Recovery Services vaults should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to Azure Recovery Services + vaults, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/AB-PrivateEndpoints.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"preview\":true,\"category\":\"Backup\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.RecoveryServices/vaults\"},{\"count\":{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"},{\"field\":\"Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState\",\"equals\":\"Succeeded\"}]}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"deeddb44-9f94-4903-9fa0-081d524406e3\"},{\"properties\":{\"displayName\":\"IoT + Hub device provisioning service instances should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The Private Link platform + handles the connectivity between the consumer and services over the Azure + backbone network. By mapping private endpoints to the IoT Hub device provisioning + service, data leakage risks are reduced. Learn more about private links at: + https://aka.ms/iotdpsvnet.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Internet + of Things\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Devices/provisioningServices\"},{\"count\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.Devices/provisioningServices/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df39c015-56a4-45de-b4a3-efe77bed320d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df39c015-56a4-45de-b4a3-efe77bed320d\"},{\"properties\":{\"displayName\":\"MariaDB server should use a virtual network service endpoint\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure Database for MariaDB while ensuring the traffic stays within the @@ -27428,7 +36299,20 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforMariaDB/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules\",\"existenceCondition\":{\"field\":\"Microsoft.DBforMariaDB/servers/virtualNetworkRules/virtualNetworkSubnetId\",\"exists\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dfbd9a64-6114-48de-a47d-90574dc2e489\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dfbd9a64-6114-48de-a47d-90574dc2e489\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"},{\"properties\":{\"displayName\":\"Configure + Azure Cache for Redis to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone can be linked to your virtual network to resolve to Azure + Cache for Redis. Learn more at: https://aka.ms/privatednszone.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cache\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone Id\",\"strongType\":\"Microsoft.Network/privateDnsZones\",\"description\":\"The + resource id of the private DNS zone\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"redisCache\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"privatelink-redis-cache-windows-net\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e016b22b-e0eb-436d-8fd7-160c4eaed6e2\"},{\"properties\":{\"displayName\":\"Auditing + on Synapse workspace should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Auditing + on your Synapse workspace should be enabled to track database activities across + all databases on the dedicated SQL pools and save them in an audit log.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Synapse\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"setting\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Desired + Auditing setting\"},\"allowedValues\":[\"enabled\",\"disabled\"],\"defaultValue\":\"enabled\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Synapse/workspaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Synapse/workspaces/auditingSettings\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Synapse/workspaces/auditingSettings/state\",\"equals\":\"[parameters('setting')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e04e5000-cd89-451d-bb21-a14d24ff9c73\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e04e5000-cd89-451d-bb21-a14d24ff9c73\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'User Rights Assignment'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'User Rights Assignment' for allowing log on locally, RDP, access from the network, @@ -27574,9 +36458,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1da06bd-25b6-4127-a301-c313d6873fff\"},{\"properties\":{\"displayName\":\"Vulnerabilities in security configuration on your machines should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Servers which do not satisfy the configured baseline will be monitored by Azure Security - Center as recommendations\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + Center as recommendations\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"181ac480-f7c4-544b-9865-11b8ffe87f47\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1047 - System Use Notification\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27592,16 +36476,17 @@ interactions: advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Audit - Dependency agent deployment in virtual machine scale sets - VM Image (OS) - unlisted\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports - virtual machine scale sets as non-compliant if the VM Image (OS) is not in - the list defined and the agent is not installed. The list of OS images will - be updated over time as support is updated.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Windows OS to add to scope\",\"description\":\"Example + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"kind\",\"contains\":\"linux\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/web.http20Enabled\",\"equals\":\"true\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2c1c086-2d84-4019-bff3-c44ccd95113c\"},{\"properties\":{\"displayName\":\"Dependency + agent should be enabled in virtual machine scale sets for listed virtual machine + images\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Reports + virtual machine scale sets as non-compliant if the virtual machine image is + not in the list defined and the agent is not installed. The list of OS images + is updated over time as support is updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"listOfImageIdToInclude_windows\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: + List of virtual machine images that have supported Windows OS to add to scope\",\"description\":\"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"listOfImageIdToInclude_linux\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Optional: - List of VM images that have supported Linux OS to add to scope\",\"description\":\"Example - value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft + List of virtual machine images that have supported Linux OS to add to scope\",\"description\":\"Example + value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"not\":{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_windows')]\"},{\"field\":\"Microsoft.Compute/imageId\",\"in\":\"[parameters('listOfImageIdToInclude_linux')]\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2012-Datacenter\",\"2012-Datacenter-smalldisk\",\"2012-R2-Datacenter\",\"2012-R2-Datacenter-smalldisk\",\"2016-Datacenter\",\"2016-Datacenter-Server-Core\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-Datacenter-smalldisk\",\"2016-Datacenter-with-Containers\",\"2016-Datacenter-with-RDSH\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-Datacenter-Core-smalldisk\",\"2019-Datacenter-Core-with-Containers\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-Datacenter-smalldisk\",\"2019-Datacenter-with-Containers\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-Datacenter-zhcn\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerSemiAnnual\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"Datacenter-Core-1709-smalldisk\",\"Datacenter-Core-1709-with-Containers-smalldisk\",\"Datacenter-Core-1803-with-Containers-smalldisk\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsServerHPCPack\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"WindowsServerHPCPack\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftSQLServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2016-BYOL\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"*-WS2012R2-BYOL\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftRServer\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"MLServer-WS2016\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftVisualStudio\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"VisualStudio\",\"Windows\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-U8\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftDynamicsAX\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Dynamics\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"equals\":\"Pre-Req-AX7-Onebox-V4\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"windows-data-science-vm\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"MicrosoftWindowsDesktop\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Windows-10\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-SAP-HANA\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"SUSE\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"SLES\",\"SLES-HPC\",\"SLES-HPC-Priority\",\"SLES-SAP\",\"SLES-SAP-BYOS\",\"SLES-Priority\",\"SLES-BYOS\",\"SLES-SAPCAL\",\"SLES-Standard\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"12-SP2\",\"12-SP3\",\"12-SP4\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"14.04.0-LTS\",\"14.04.1-LTS\",\"14.04.5-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"16.04-LTS\",\"16.04.0-LTS\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"18.04-LTS\"]}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"Centos\",\"Centos-LVM\",\"CentOS-SRIOV\"]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"6.*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"7*\"}]}]}}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Compute/virtualMachineScaleSets/extensions\",\"existenceCondition\":{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\"equals\":\"Microsoft.Azure.Monitoring.DependencyAgent\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1161 - Continuous Monitoring\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27616,9 +36501,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/virtualNetworkGateways\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/gatewayType\",\"equals\":\"Vpn\"},{\"field\":\"Microsoft.Network/virtualNetworkGateways/sku.tier\",\"equals\":\"Basic\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"},{\"properties\":{\"displayName\":\"MFA should be enabled on accounts with read permissions on your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with - read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + read privileges to prevent a breach of accounts or resources.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"151e82c5-5341-a74b-1eb0-bc38d2c84bb5\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e3576e28-8b17-4677-84c3-db2990658d64\"},{\"properties\":{\"displayName\":\"RDP access from the Internet should be blocked\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy audits any network security rule that allows RDP access from Internet\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Network\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\"},{\"allOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\",\"equals\":\"Allow\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\"equals\":\"Inbound\"},{\"anyOf\":[{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"*\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"equals\":\"3389\"},{\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), @@ -27864,9 +36749,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e80b6812-0bfa-4383-8223-cdd86a46a890\"},{\"properties\":{\"displayName\":\"Vulnerabilities in container security configurations should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Audit vulnerabilities in security configuration on machines with Docker installed - and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + and display as recommendations in Azure Security Center.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"0677209d-e675-2c6f-e91a-54cef2878663\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8cbc669-f12d-49eb-93e7-9273119e9933\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic @@ -27885,12 +36770,13 @@ interactions: logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataLakeStore/accounts\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"},{\"properties\":{\"displayName\":\"Container - registries should use private links\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - container registries that do not have at least one approved private endpoint - connection. Clients in a virtual network can securely access resources that - have private endpoint connections through private links. Public access can - then be disabled to ensure that only private links can be used to connect - to the registry. For more information, visit: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container + registries should use private link\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Private Link lets you connect your virtual network to Azure services without + a public IP address at the source or destination. The private link platform + handles the connectivity between the consumer and services over the Azure + backbone network.By mapping private endpoints to your container registries + instead of the entire service, you'll also be protected against data leakage + risks. Learn more at: https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"Container Registry\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.ContainerRegistry/registries\"},{\"count\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*]\",\"where\":{\"field\":\"Microsoft.ContainerRegistry/registries/privateEndpointConnections[*].privateLinkServiceConnectionState.status\",\"equals\":\"Approved\"}},\"less\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8eef0a8-67cf-4eb4-9386-14b0e78733d4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8eef0a8-67cf-4eb4-9386-14b0e78733d4\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -27901,7 +36787,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e901375c-8f01-4ac8-9183-d5312f47fe63\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1723 - Information Input Validation\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Information Integrity control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"},{\"properties\":{\"displayName\":\"Configure + Container registries to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Container + Registry. Learn more at: https://aka.ms/privatednszone and https://aka.ms/acr/private-link.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Container + Registry\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint. It should be linked to the private endpoint's associated VNET.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"registry\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"containerRegistry-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1200 - Security Impact Analysis\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"},{\"properties\":{\"displayName\":\"Microsoft @@ -27912,7 +36807,14 @@ interactions: debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"*api\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\"equals\":\"false\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"},{\"properties\":{\"displayName\":\"Azure + Monitor Logs clusters should be created with infrastructure-encryption enabled + (double encryption)\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"To + ensure secure data encryption is enabled at the service level and the infrastructure + level with two different encryption algorithms and two different keys, use + an Azure Monitor dedicated cluster. This option is enabled by default when + supported at the region, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/clusters\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/clusters/isDoubleEncryptionEnabled\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea0dfaed-95fb-448c-934e-d6e713ce393d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea0dfaed-95fb-448c-934e-d6e713ce393d\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Incident Response control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"},{\"properties\":{\"displayName\":\"Inherit @@ -27941,11 +36843,10 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ea556850-838d-4a37-8ce5-9d7642f95e11\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1542 - Risk Assessment\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Risk Assessment control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Ensure - Function app has 'Client Certificates (Incoming client certificates)' set - to 'On'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eab340d0-3d55-4826-a0e5-feebfeb0131d\"},{\"properties\":{\"displayName\":\"Function + apps should have 'Client Certificates (Incoming client certificates)' enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Client certificates allow for the app to request a certificate for incoming requests. - Only clients that have a valid certificate will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App + Only clients with valid certificates will be able to reach the app.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"field\":\"Microsoft.Web/sites/clientCertEnabled\",\"equals\":\"false\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eaebaea7-8013-4ceb-9d14-7eb32271373c\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft @@ -27972,9 +36873,9 @@ interactions: or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.DBforPostgreSQL/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.DBforPostgreSQL/servers/configurations\",\"name\":\"log_duration\",\"existenceCondition\":{\"field\":\"Microsoft.DBforPostgreSQL/servers/configurations/value\",\"equals\":\"ON\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"},{\"properties\":{\"displayName\":\"Deprecated accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Deprecated accounts with owner permissions should be removed from your subscription. - \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + \ Deprecated accounts are accounts that have been blocked from signing in.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"e52064aa-6853-e252-a11e-dffc675689c2\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"},{\"properties\":{\"displayName\":\"Audit Windows machines that don't have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the application @@ -27995,9 +36896,9 @@ interactions: security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms - and two different keys.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + and two different keys.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDoubleEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\"},{\"properties\":{\"displayName\":\"[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy creates a Guest Configuration assignment to audit Linux virtual machines @@ -28035,7 +36936,16 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1622 - Boundary Protection\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Communications Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Deploy + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ecf56554-164d-499a-8d00-206b07c27bed\"},{\"properties\":{\"displayName\":\"Configure + Event Hub namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Event Hub namespaces. + Learn more at: https://docs.microsoft.com/azure/event-hubs/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Hub\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ed66d4f5-8220-45dc-ab4a-20d1749c74e6\"},{\"properties\":{\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Event Hub\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Key @@ -28074,10 +36984,24 @@ interactions: Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"False\"},\"logsEnabled\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Enable logs\",\"description\":\"Whether to enable logs stream to the Event Hub - True or False\"},\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingjobs\"},{\"anyOf\":[{\"value\":\"[parameters('eventHubLocation')]\",\"equals\":\"\"},{\"field\":\"location\",\"equals\":\"[parameters('eventHubLocation')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"name\":\"[parameters('profileName')]\",\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"[parameters('logsEnabled')]\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\"equals\":\"[parameters('metricsEnabled')]\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"eventHubRuleId\":{\"type\":\"string\"},\"metricsEnabled\":{\"type\":\"string\"},\"logsEnabled\":{\"type\":\"string\"},\"profileName\":{\"type\":\"string\"}},\"variables\":{},\"resources\":[{\"type\":\"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\"apiVersion\":\"2017-05-01-preview\",\"name\":\"[concat(parameters('resourceName'), - '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Microsoft + '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"location\":\"[parameters('location')]\",\"dependsOn\":[],\"properties\":{\"eventHubAuthorizationRuleId\":\"[parameters('eventHubRuleId')]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"enabled\":false,\"days\":0}}],\"logs\":[{\"category\":\"Execution\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Authoring\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}],\"outputs\":{}},\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"eventHubRuleId\":{\"value\":\"[parameters('eventHubRuleId')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"edf3780c-3d70-40fe-b17e-ab72013dafca\"},{\"properties\":{\"displayName\":\"Configure + Azure Machine Learning workspace to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Azure Machine + Learning workspaces. Learn more at: https://docs.microsoft.com/azure/machine-learning/how-to-network-security-overview.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Machine + Learning\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone id\",\"description\":\"A private DNS zone id to connect to the private + endpoint.\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"amlworkspace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"amlworkspace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee40564d-486e-4f68-a5ca-7a621edae0fb\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1189 - Configuration Change Control\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Windows + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee45e02a-4140-416c-82c4-fecfea660b9d\"},{\"properties\":{\"displayName\":\"Azure + Cognitive Search services should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that your Azure Cognitive + Search service is not exposed on the public internet. Creating private endpoints + can limit exposure of your Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Search\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Search/searchServices\"},{\"field\":\"Microsoft.Search/searchServices/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ee980b6d-0eca-4501-8d54-f6290fd512c3\"},{\"properties\":{\"displayName\":\"Windows machines should meet requirements for 'Security Options - Accounts'\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Windows machines should have the specified Group Policy settings in the category 'Security Options - Accounts' for limiting local account use of blank passwords and @@ -28105,8 +37029,14 @@ interactions: enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},{\"field\":\"kind\",\"notContains\":\"analytics\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/vulnerabilityAssessments\",\"name\":\"default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\"equals\":\"True\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"},{\"properties\":{\"displayName\":\"API - Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Virtual - network on API Management services of the specified SKU should be enabled.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"API + Management services should use a virtual network\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Azure + Virtual Network deployment provides enhanced security, isolation and allows + you to place your API Management service in a non-internet routable network + that you control access to. These networks can then be connected to your on-premises + networks using various VPN technologies, which enables access to your backend + services within the network and/or on-premises. The developer portal and API + gateway, can be configured to be accessible either from the Internet or only + within the virtual network.\",\"metadata\":{\"version\":\"1.0.1\",\"category\":\"API Management\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\"},\"evaluatedSkuNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"API Management SKU Names\",\"description\":\"List of API Management SKUs against @@ -28176,12 +37106,21 @@ interactions: TLS version should be used in your Web App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"app*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"},{\"properties\":{\"displayName\":\"Configure + Service Bus namespaces to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to Service Bus namespaces. + Learn more at: https://docs.microsoft.com/azure/service-bus-messaging/private-link-service.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Service + Bus\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS Zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"namespace\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"namespace-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f0fcf93c-c063-4071-9668-c47474bd3564\"},{\"properties\":{\"displayName\":\"Deploy Workflow Automation for Azure Security Center alerts\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Enable automation of Azure Security Center alerts. This policy deploys a workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select - the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Security + the relevant non-compliant assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"automationName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Automation name\",\"description\":\"This is the automation name.\"}},\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the workflow @@ -28192,13 +37131,14 @@ interactions: name contains\",\"description\":\"String included in the required alert name. For a full reference list of Security Center's alerts, see https://docs.microsoft.com/azure/security-center/alerts-reference.\"},\"defaultValue\":\"\"},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"logicAppResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic - App\",\"description\":\"The Logic App that is triggered. If you do not already - have a logic app, visit Logic Apps to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows).\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic + App\",\"description\":\"The Logic App that is triggered.\",\"strongType\":\"Microsoft.Logic/workflows\",\"assignPermissions\":true}},\"logicAppTrigger\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Logic app trigger\",\"description\":\"The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Alert is created or triggered'.\"},\"allowedValues\":[\"Manual (Incoming HTTP request)\",\"When an Azure Security Center Alert is created - or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + or triggered\"]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"[parameters('automationName')]\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"in\":\"[union(parameters('alertSeverities'),if(equals(parameters('alertName'), + ''), array('3.'), array(parameters('alertName'))))]\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"in\":\"[union(array('Severity'),if(equals(parameters('alertName'), + ''), array('Version'), array('AlertDisplayName')))]\"},{\"count\":{\"value\":\"[parameters('alertSeverities')]\",\"name\":\"alertSeverity\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath\",\"equals\":\"Severity\"},{\"field\":\"Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue\",\"equals\":\"[current('alertSeverity')]\"}]}},\"equals\":1}},\"equals\":\"[length(parameters('alertSeverities'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"automationName\":{\"type\":\"string\"},\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"alertName\":{\"type\":\"string\"},\"alertSeverities\":{\"type\":\"array\"},\"logicAppResourceId\":{\"type\":\"string\"},\"logicAppTrigger\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"severityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"triggerMap\":{\"Manual (Incoming HTTP request)\":\"manual\",\"When an Azure Security Center Alert @@ -28364,25 +37304,28 @@ interactions: '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"},{\"properties\":{\"displayName\":\"Disk encryption should be enabled on Azure Data Explorer\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Enabling disk encryption helps protect and safeguard your data to meet your organizational - security and compliance commitments.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Azure + security and compliance commitments.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Azure Data Explorer\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Kusto/Clusters\"},{\"anyOf\":[{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"exists\":false},{\"field\":\"Microsoft.Kusto/clusters/enableDiskEncryption\",\"equals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4b53539-8df9-40e4-86c6-6b607703bd4e\"},{\"properties\":{\"displayName\":\"Deploy Auditing on SQL servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"SQL\"},\"parameters\":{\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The + region as the SQL server to store audit records.\",\"metadata\":{\"version\":\"1.1.0\",\"category\":\"SQL\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"},\"retentionDays\":{\"type\":\"String\",\"metadata\":{\"description\":\"The value in days of the retention period (0 indicates unlimited retention)\",\"displayName\":\"Retention days (optional, 180 days if unspecified)\"},\"defaultValue\":\"180\"},\"storageAccountsResourceGroup\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name for storage accounts\",\"description\":\"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing - do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"DeployIfNotExists\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), + do not delete or rename the resource group or the storage accounts.\",\"strongType\":\"existingResourceGroups\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Sql/servers\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"name\":\"Default\",\"existenceCondition\":{\"field\":\"Microsoft.Sql/auditingSettings.state\",\"equals\":\"Enabled\"},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"serverName\":{\"type\":\"string\"},\"auditRetentionDays\":{\"type\":\"string\"},\"storageAccountsResourceGroup\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"variables\":{\"retentionDays\":\"[int(parameters('auditRetentionDays'))]\",\"subscriptionId\":\"[subscription().subscriptionId]\",\"uniqueStorage\":\"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\"locationCode\":\"[substring(parameters('location'), 0, 3)]\",\"storageName\":\"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\"createStorageAccountDeploymentName\":\"[concat('sqlServerAuditingStorageAccount-', - uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"templateLink\":{\"uri\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\"contentVersion\":\"1.0.0.0\"}}},{\"name\":\"[concat(parameters('serverName'), - '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"auditActionsAndGroups\":null,\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft + uniqueString(variables('locationCode'), parameters('serverName')))]\"},\"resources\":[{\"apiVersion\":\"2017-05-10\",\"name\":\"[variables('createStorageAccountDeploymentName')]\",\"type\":\"Microsoft.Resources/deployments\",\"resourceGroup\":\"[parameters('storageAccountsResourceGroup')]\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[parameters('location')]\"},\"storageName\":{\"value\":\"[variables('storageName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"type\":\"Microsoft.Storage/storageAccounts\",\"apiVersion\":\"2017-10-01\",\"name\":\"[parameters('storageName')]\",\"location\":\"[parameters('location')]\",\"sku\":{\"name\":\"Standard_LRS\"},\"kind\":\"BlobStorage\",\"tags\":{\"createdBy\":\"Azure + Policy - Configure SQL servers to have auditing enabled\"},\"properties\":{\"accessTier\":\"Hot\",\"supportsHttpsTrafficOnly\":true}}],\"outputs\":{\"storageAccountEndPoint\":{\"type\":\"string\",\"value\":\"[reference(parameters('storageName')).primaryEndpoints.blob]\"}}}}},{\"name\":\"[concat(parameters('serverName'), + '/Default')]\",\"type\":\"Microsoft.Sql/servers/auditingSettings\",\"apiVersion\":\"2017-03-01-preview\",\"properties\":{\"state\":\"Enabled\",\"storageEndpoint\":\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\"storageAccountAccessKey\":\"[listKeys(resourceId(parameters('storageAccountsResourceGroup'), + 'Microsoft.Storage/storageAccounts', variables('storageName')), '2017-06-01').keys[0].value]\",\"retentionDays\":\"[variables('retentionDays')]\",\"storageAccountSubscriptionId\":\"[subscription().subscriptionId]\",\"isStorageSecondaryKeyInUse\":false}}]},\"parameters\":{\"serverName\":{\"value\":\"[field('name')]\"},\"auditRetentionDays\":{\"value\":\"[parameters('retentionDays')]\"},\"storageAccountsResourceGroup\":{\"value\":\"[parameters('storageAccountsResourceGroup')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"},{\"properties\":{\"displayName\":\"Microsoft @@ -28453,9 +37396,9 @@ interactions: virtual machines should be protected with network security groups\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Protect your virtual machines from potential threats by restricting access to them with network security groups (NSG). Learn more about controlling traffic with - NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + NSGs at https://aka.ms/nsg-doc\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"483f12ed-ae23-447e-a2de-a67a10db4353\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"},{\"properties\":{\"displayName\":\"Audit Linux machines that have accounts without passwords\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that @@ -28493,7 +37436,15 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1449 - Physical Access Authorizations\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Physical and Environmental Protection control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"},{\"properties\":{\"displayName\":\"[Preview]: + Azure Data Factory linked services should use system-assigned managed identity + authentication when it is supported\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Using + system-assigned managed identity when communicating with data stores via linked + services avoids the use of less secured credentials such as passwords or connection + strings.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Data + Factory\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.DataFactory/factories/linkedservices\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/type\",\"in\":[\"AzureSqlDatabase\",\"AzureSqlMI\",\"AzureSqlDW\",\"AzureBlobFS\",\"AdlsGen2CosmosStructuredStream\",\"AzureDataLakeStore\",\"AzureDataLakeStoreCosmosStructuredStream\",\"AzureBlobStorage\",\"AzureDatabricks\"]},{\"anyOf\":[{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"User + ID=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString\",\"contains\":\"AccountKey=\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri\",\"exists\":\"true\"},{\"field\":\"Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken\",\"exists\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f78ccdb4-7bf4-4106-8647-270491d2978a\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Personnel Security control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"},{\"properties\":{\"displayName\":\"Azure @@ -28516,9 +37467,9 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f82e3639-fa2b-4e06-a786-932d8379b972\"},{\"properties\":{\"displayName\":\"External accounts with owner permissions should be removed from your subscription\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"External accounts with owner permissions should be removed from your subscription in - order to prevent unmonitored access.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + order to prevent unmonitored access.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"c3b6ae71-f1f0-31b4-e6c1-d5951285d03d\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8456c1c-aa66-4dfb-861a-25d127b775c9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Identification and Authentication control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"},{\"properties\":{\"displayName\":\"Microsoft @@ -28548,15 +37499,21 @@ interactions: Other System Events;ExpectedValue\",\"value\":\"[parameters('AuditOtherSystemEvents')]\"}]}}},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"type\":\"Microsoft.Compute/virtualMachines\",\"identity\":{\"type\":\"SystemAssigned\"},\"name\":\"[parameters('vmName')]\",\"location\":\"[parameters('location')]\"},{\"condition\":\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\"apiVersion\":\"2019-07-01\",\"name\":\"[concat(parameters('vmName'), - '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Diagnostic + '/AzurePolicyforWindows')]\",\"type\":\"Microsoft.Compute/virtualMachines/extensions\",\"location\":\"[parameters('location')]\",\"properties\":{\"publisher\":\"Microsoft.GuestConfiguration\",\"type\":\"ConfigurationforWindows\",\"typeHandlerVersion\":\"1.1\",\"autoUpgradeMinorVersion\":true,\"settings\":{},\"protectedSettings\":{}},\"dependsOn\":[\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"]}]}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8b0158d-4766-490f-bea0-259e52dba473\"},{\"properties\":{\"displayName\":\"Resource logs in Service Bus should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Service + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Service Bus\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Microsoft + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ServiceBus/namespaces\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"},{\"properties\":{\"displayName\":\"Azure + Event Grid domains should disable public network access\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling + public network access improves security by ensuring that the resource isn't + exposed on the public internet. You can limit exposure of your resources by + creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Event + Grid\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.EventGrid/domains\"},{\"field\":\"Microsoft.EventGrid/domains/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f8f774be-6aee-492a-9e29-486ef81f3a68\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Configuration Management control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory @@ -28573,22 +37530,28 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9a165d2-967d-4733-8399-1074270dae2e\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Diagnostic + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"},{\"properties\":{\"displayName\":\"Resource logs in Azure Stream Analytics should be enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Audit - enabling of diagnostic logs. This enables you to recreate activity trails - to use for investigation purposes; when a security incident occurs or when - your network is compromised\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Stream + enabling of resource logs. This enables you to recreate activity trails to + use for investigation purposes; when a security incident occurs or when your + network is compromised\",\"metadata\":{\"version\":\"4.0.1\",\"category\":\"Stream Analytics\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"},\"requiredRetentionDays\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Required - retention (days)\",\"description\":\"The required diagnostic logs retention - in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest + retention (days)\",\"description\":\"The required resource logs retention + in days\"},\"defaultValue\":\"365\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.StreamAnalytics/streamingJobs\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Insights/diagnosticSettings\",\"existenceCondition\":{\"count\":{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"equals\":\"0\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\"greaterOrEquals\":\"[parameters('requiredRetentionDays')]\"}]},{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"}]},{\"allOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\"equals\":\"true\"},{\"anyOf\":[{\"field\":\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Insights/diagnosticSettings/storageAccountId\",\"exists\":false}]}]}]}},\"greaterOrEquals\":1}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"},{\"properties\":{\"displayName\":\"Latest TLS version should be used in your Function App\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Upgrade to the latest TLS version\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"App Service\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Web/sites\"},{\"field\":\"kind\",\"like\":\"functionapp*\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Web/sites/config\",\"name\":\"web\",\"existenceCondition\":{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"equals\":\"1.2\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f9d614c5-c173-4d56-95a7-b4437057d193\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Contingency Planning control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Microsoft + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa108498-b3a8-4ffb-9e79-1107e76afad3\"},{\"properties\":{\"displayName\":\"Saved-queries + in Azure Monitor should be saved in customer storage account for logs encryption\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Link + storage account to Log Analytics workspace to protect saved-queries with storage + account encryption. Customer-managed keys are commonly required to meet regulatory + compliance and for more control over the access to your saved-queries in Azure + Monitor. For more details on the above, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys?tabs=portal#customer-managed-key-for-saved-queries.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.OperationalInsights/workspaces\"},{\"not\":{\"field\":\"Microsoft.OperationalInsights/workspaces/forceCmkForQuery\",\"equals\":\"true\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa298e57-9444-42ba-bf04-86e8470e32c7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa298e57-9444-42ba-bf04-86e8470e32c7\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Access Control control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"},{\"properties\":{\"displayName\":\"Microsoft @@ -28634,7 +37597,24 @@ interactions: on Azure Storage encryption at rest can be found here https://aka.ms/azurestoragebyok. \",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Monitoring\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Insights/logProfiles\"},{\"field\":\"Microsoft.Insights/logProfiles/storageAccountId\",\"exists\":\"true\"}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Storage/storageAccounts\",\"existenceScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"value\":\"[contains(field('Microsoft.Insights/logProfiles/storageAccountId'), - subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"[Preview]: + subscription().Id)]\",\"equals\":\"true\"},{\"field\":\"name\",\"equals\":\"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"},{\"field\":\"Microsoft.Storage/storageAccounts/encryption.keySource\",\"equals\":\"Microsoft.Keyvault\"}]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"},{\"properties\":{\"displayName\":\"Configure + Azure Cognitive Search services to use private DNS zones\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + private DNS zones to override the DNS resolution for a private endpoint. A + private DNS zone links to your virtual network to resolve to your Azure Cognitive + Search service. Learn more at: https://aka.ms/azure-cognitive-search/inbound-private-endpoints.\",\"metadata\":{\"category\":\"Search\",\"version\":\"1.0.0\"},\"parameters\":{\"privateDnsZoneId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Private + DNS zone ID\",\"description\":\"Specifies the private DNS zone to use to configure + private endpoint\",\"strongType\":\"Microsoft.Network/privateDnsZones\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Network/privateEndpoints\"},{\"count\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"where\":{\"field\":\"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\"equals\":\"searchService\"}},\"greaterOrEquals\":1}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"privateDnsZoneId\":{\"type\":\"string\"},\"privateEndpointName\":{\"type\":\"string\"},\"location\":{\"type\":\"string\"}},\"resources\":[{\"name\":\"[concat(parameters('privateEndpointName'), + '/deployedByPolicy')]\",\"type\":\"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\"apiVersion\":\"2020-03-01\",\"location\":\"[parameters('location')]\",\"properties\":{\"privateDnsZoneConfigs\":[{\"name\":\"searchService-privateDnsZone\",\"properties\":{\"privateDnsZoneId\":\"[parameters('privateDnsZoneId')]\"}}]}}]},\"parameters\":{\"privateDnsZoneId\":{\"value\":\"[parameters('privateDnsZoneId')]\"},\"privateEndpointName\":{\"value\":\"[field('name')]\"},\"location\":{\"value\":\"[field('location')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fbc14a67-53e4-4932-abcc-2049c6706009\"},{\"properties\":{\"displayName\":\"Virtual + machines and virtual machine scale sets should have encryption at host enabled\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Use + encryption at host to get end-to-end encryption for your virtual machine and + virtual machine scale set data. Encryption at host enables encryption at rest + for your temporary disk and OS/data disk caches. Temporary and ephemeral OS + disks are encrypted with platform-managed keys when encryption at host is + enabled. OS/data disk caches are encrypted at rest with either customer-managed + or platform-managed key, depending on the encryption type selected on the + disk. Learn more at https://aka.ms/vm-hbe.\",\"metadata\":{\"category\":\"Compute\",\"version\":\"1.0.0\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable + or disable the execution of the policy\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"field\":\"Microsoft.Compute/virtualMachines/securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\"},{\"field\":\"Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.securityProfile.encryptionAtHost\",\"notEquals\":\"true\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc4d8e41-e223-45ea-9bf5-eada37891d87\"},{\"properties\":{\"displayName\":\"[Preview]: All Internet traffic should be routed via your deployed Azure Firewall\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats @@ -28652,10 +37632,10 @@ interactions: that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines should meet the requirements for the Azure security baseline\",\"metadata\":{\"category\":\"Guest - Configuration\",\"version\":\"1.0.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"LinuxOMSBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Configuration\",\"version\":\"1.1.0-preview\",\"preview\":true,\"requiredProviders\":[\"Microsoft.GuestConfiguration\"],\"guestConfiguration\":{\"name\":\"AzureLinuxBaseline\",\"version\":\"1.*\"}},\"parameters\":{\"IncludeArcMachines\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Include Arc connected servers\",\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\"},\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"false\"},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"LinuxOMSBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Effect\",\"description\":\"Enable or disable the execution of this policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"value\":\"[parameters('IncludeArcMachines')]\",\"equals\":\"true\"},{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"AzureLinuxBaseline\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fc9b3da7-8347-4380-8e70-0a0361d8dedd\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -28684,8 +37664,8 @@ interactions: Source\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Audit and Accountability control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"},{\"properties\":{\"displayName\":\"Public - network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disabling - the public network access property improves security by ensuring your Azure + network access should be disabled for MariaDB servers\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Disable + the public network access property to improve security and ensure your Azure Database for MariaDB can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall @@ -28699,7 +37679,14 @@ interactions: Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this System and Services Acquisition control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory - Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe2ad78b-8748-4bff-a924-f74dfca93f30\"},{\"properties\":{\"displayName\":\"Cognitive + Services accounts should use a managed identity\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Assigning + a managed identity to your Cognitive Service account helps ensure secure authentication. + This identity is used by this Cognitive service account to communicate with + other Azure services, like Azure Key Vault, in a secure way without you having + to manage any credentials.\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Cognitive + Services\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"The + effect determines what happens when the policy rule is evaluated to match\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.CognitiveServices/accounts\"},{\"anyOf\":[{\"field\":\"identity.type\",\"exists\":\"false\"},{\"field\":\"identity.type\",\"equals\":\"None\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fe3fd216-4f83-4fc1-8984-2bbec80a3418\"},{\"properties\":{\"displayName\":\"[Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed\",\"policyType\":\"BuiltIn\",\"mode\":\"All\",\"description\":\"This policy should only be used along with its corresponding deploy policy in an @@ -28710,9 +37697,9 @@ interactions: Configuration\",\"deprecated\":true},\"policyRule\":{\"if\":{\"anyOf\":[{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.Compute/virtualMachines\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"in\":[\"microsoft-aks\",\"qubole-inc\",\"datastax\",\"couchbase\",\"scalegrid\",\"checkpoint\",\"paloaltonetworks\",\"debian\"]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"OpenLogic\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"CentOS*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Oracle\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Oracle-Linux\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"RHEL\",\"RHEL-HA\",\"RHEL-SAP\",\"RHEL-SAP-APPS\",\"RHEL-SAP-HA\",\"RHEL-SAP-HANA\"]},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"RedHat\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"osa\",\"rhel-byos\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"center-for-internet-security-inc\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"cis-centos-7-l1\",\"cis-centos-7-v2-1-1-l1\",\"cis-centos-8-l1\",\"cis-debian-linux-8-l1\",\"cis-debian-linux-9-l1\",\"cis-nginx-centos-7-v1-1-0-l1\",\"cis-oracle-linux-7-v2-0-0-l1\",\"cis-oracle-linux-8-l1\",\"cis-postgresql-11-centos-linux-7-level-1\",\"cis-rhel-7-l2\",\"cis-rhel-7-v2-2-0-l1\",\"cis-rhel-8-l1\",\"cis-suse-linux-12-v2-0-0-l1\",\"cis-ubuntu-linux-1604-v1-0-0-l1\",\"cis-ubuntu-linux-1804-l1\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"credativ\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"Debian\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"7*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Suse\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"SLES*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"11*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"Canonical\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"UbuntuServer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"12*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-dsvm\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"in\":[\"linux-data-science-vm-ubuntu\",\"azureml\"]}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-centos-os\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"notLike\":\"6*\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"cloudera\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"equals\":\"cloudera-altus-centos-os\"}]},{\"allOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"equals\":\"microsoft-ads\"},{\"field\":\"Microsoft.Compute/imageOffer\",\"like\":\"linux*\"}]},{\"allOf\":[{\"anyOf\":[{\"field\":\"Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration\",\"exists\":\"true\"},{\"field\":\"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\"like\":\"Linux*\"}]},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imagePublisher\",\"exists\":\"false\"},{\"field\":\"Microsoft.Compute/imagePublisher\",\"notIn\":[\"OpenLogic\",\"RedHat\",\"credativ\",\"Suse\",\"Canonical\",\"microsoft-dsvm\",\"cloudera\",\"microsoft-ads\",\"center-for-internet-security-inc\",\"Oracle\"]}]}]}]}]},{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.HybridCompute/machines\"},{\"field\":\"Microsoft.HybridCompute/imageOffer\",\"like\":\"linux*\"}]}]},\"then\":{\"effect\":\"auditIfNotExists\",\"details\":{\"type\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\"name\":\"installed_application_linux\",\"existenceCondition\":{\"field\":\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\"equals\":\"Compliant\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"},{\"properties\":{\"displayName\":\"Vulnerabilities on your SQL databases should be remediated\",\"policyType\":\"BuiltIn\",\"mode\":\"Indexed\",\"description\":\"Monitor Vulnerability Assessment scan results and recommendations for how to remediate - database vulnerabilities.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security + database vulnerabilities.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"Enable - or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft + or disable the execution of the policy\"},\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"Microsoft.Sql/servers\",\"Microsoft.Sql/managedinstances\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"type\":\"Microsoft.Security/assessments\",\"name\":\"82e20e14-edc5-4373-bfc4-f13121257c37\",\"existenceCondition\":{\"field\":\"Microsoft.Security/assessments/status.code\",\"in\":[\"NotApplicable\",\"Healthy\"]}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"feedbf84-6b99-488c-acc2-71c829aa5ffc\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Maintenance control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"},{\"properties\":{\"displayName\":\"Deploy @@ -28721,7 +37708,7 @@ interactions: deploys an export to Log Analytics workspace configuration with your conditions and target workspace on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant - assignment and create a remediation task.\",\"metadata\":{\"version\":\"2.0.0\",\"category\":\"Security + assignment and create a remediation task.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Security Center\"},\"parameters\":{\"resourceGroupName\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group name\",\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for @@ -28730,17 +37717,20 @@ interactions: configured.\"}},\"resourceGroupLocation\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Resource group location\",\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"strongType\":\"location\"}},\"exportedDataTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Exported - data types\",\"description\":\"The data types to be exported. Example: Security - recommendations;Security alerts;Secure scores;Secure score controls;\"},\"allowedValues\":[\"Security + data types\",\"description\":\"The data types to be exported. To export a + snapshot (preview) of the data once a week, choose the data types which contains + 'snapshot', other data types will be sent in real-time streaming.\"},\"allowedValues\":[\"Security + recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall secure score\",\"Secure score - controls\"],\"defaultValue\":[\"Security recommendations\",\"Security alerts\",\"Overall - secure score\",\"Secure score controls\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + controls\",\"Regulatory compliance\",\"Overall secure score - snapshot\",\"Secure + score controls - snapshot\",\"Regulatory compliance - snapshot\"]},\"recommendationNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation IDs\",\"description\":\"Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments.\"},\"defaultValue\":[]},\"recommendationSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Recommendation severities\",\"description\":\"Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"isSecurityFindingsEnabled\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Include security findings\",\"description\":\"Security findings are results from vulnerability @@ -28751,41 +37741,64 @@ interactions: export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), - or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), - choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols.\"},\"defaultValue\":[]},\"alertSeverities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Alert severities\",\"description\":\"Applicable only for export of security alerts. - Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log + Determines alert severities. Example: High;Medium;Low;\"},\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":[\"High\",\"Medium\",\"Low\"]},\"regulatoryComplianceStandardsNames\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Regulatory + compliance standards names\",\"description\":\"Applicable only for export + of regulatory compliance. To export all regulatory compliance, leave this + empty. To export specific regulatory compliance standards, enter a list of + these standards names separated by semicolons (';'). Regulatory compliance + standards names are available through the regulatory compliance standards + API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), + or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards.\"},\"defaultValue\":[]},\"workspaceResourceId\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Log Analytics workspace\",\"description\":\"The Log Analytics workspace of where - the data should be exported to. If you do not already have a log analytics - workspace, visit Log Analytics workspaces to create one (https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces).\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope + the data should be exported to.\",\"strongType\":\"Microsoft.OperationalInsights/workspaces\",\"assignPermissions\":true}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.Resources/subscriptions\"},\"then\":{\"effect\":\"deployIfNotExists\",\"details\":{\"type\":\"Microsoft.Security/automations\",\"name\":\"ExportToWorkspace\",\"existenceScope\":\"resourcegroup\",\"ResourceGroupName\":\"[parameters('resourceGroupName')]\",\"deploymentScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"existenceCondition\":{\"allOf\":[{\"field\":\"Microsoft.Security/automations/isEnabled\",\"equals\":true},{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\"},\"equals\":\"[if(parameters('isSecurityFindingsEnabled'),add(length(parameters('exportedDataTypes')),1),length(parameters('exportedDataTypes')))]\"},{\"count\":{\"value\":\"[parameters('exportedDataTypes')]\",\"name\":\"dataType\",\"where\":{\"count\":{\"field\":\"Microsoft.Security/automations/sources[*]\",\"where\":{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Assessments\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + recommendations\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"Alerts\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Security + alerts\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScores\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControls\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessment\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoresSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Overall + secure score - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"SecureScoreControlsSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Secure + score controls - snapshot\"}]},{\"allOf\":[{\"field\":\"Microsoft.Security/automations/sources[*].eventSource\",\"equals\":\"RegulatoryComplianceAssessmentSnapshot\"},{\"value\":\"[current('dataType')]\",\"equals\":\"Regulatory + compliance - snapshot\"}]}]}},\"equals\":1}},\"equals\":\"[length(parameters('exportedDataTypes'))]\"}]},\"deployment\":{\"location\":\"westeurope\",\"properties\":{\"mode\":\"incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"resourceGroupName\":{\"type\":\"string\"},\"resourceGroupLocation\":{\"type\":\"string\"},\"exportedDataTypes\":{\"type\":\"array\"},\"isSecurityFindingsEnabled\":{\"type\":\"bool\"},\"recommendationNames\":{\"type\":\"array\"},\"recommendationSeverities\":{\"type\":\"array\"},\"alertSeverities\":{\"type\":\"array\"},\"secureScoreControlsNames\":{\"type\":\"array\"},\"regulatoryComplianceStandardsNames\":{\"type\":\"array\"},\"workspaceResourceId\":{\"type\":\"string\"},\"guidValue\":{\"type\":\"string\",\"defaultValue\":\"[newGuid()]\"}},\"variables\":{\"scopeDescription\":\"scope for subscription {0}\",\"subAssessmentRuleExpectedValue\":\"/assessments/{0}/\",\"recommendationNamesLength\":\"[length(parameters('recommendationNames'))]\",\"secureScoreControlsNamesLength\":\"[length(parameters('secureScoreControlsNames'))]\",\"secureScoreControlsLengthIfEmpty\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), 1, variables('secureScoreControlsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), + 0), 1, variables('secureScoreControlsNamesLength'))]\",\"regulatoryComplianceStandardsNamesLength\":\"[length(parameters('regulatoryComplianceStandardsNames'))]\",\"regulatoryComplianceStandardsNamesLengthIfEmpty\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]\",\"recommendationSeveritiesLength\":\"[length(parameters('recommendationSeverities'))]\",\"alertSeveritiesLength\":\"[length(parameters('alertSeverities'))]\",\"recommendationNamesLengthIfEmpty\":\"[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]\",\"recommendationSeveritiesLengthIfEmpty\":\"[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]\",\"alertSeveritiesLengthIfEmpty\":\"[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]\",\"totalRuleCombinationsForOneRecommendationName\":\"[variables('recommendationSeveritiesLengthIfEmpty')]\",\"totalRuleCombinationsForOneRecommendationSeverity\":1,\"exportedDataTypesLength\":\"[length(parameters('exportedDataTypes'))]\",\"exportedDataTypesLengthIfEmpty\":\"[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]\",\"dataTypeMap\":{\"Security recommendations\":\"Assessments\",\"Security alerts\":\"Alerts\",\"Overall - secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), + secure score\":\"SecureScores\",\"Secure score controls\":\"SecureScoreControls\",\"Regulatory + compliance\":\"RegulatoryComplianceAssessment\",\"Overall secure score - snapshot\":\"SecureScoresSnapshot\",\"Secure + score controls - snapshot\":\"SecureScoreControlsSnapshot\",\"Regulatory compliance + - snapshot\":\"RegulatoryComplianceAssessmentSnapshot\"},\"alertSeverityMap\":{\"High\":\"high\",\"Medium\":\"medium\",\"Low\":\"low\"},\"ruleSetsForAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForAssessmentsArr\",\"count\":\"[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]\",\"input\":{\"rules\":[{\"propertyJPath\":\"[if(equals(variables('recommendationNamesLength'),0),'type','name')]\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]\",\"operator\":\"Contains\"},{\"propertyJPath\":\"properties.metadata.severity\",\"propertyType\":\"string\",\"expectedValue\":\"[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSubAssessmentsObj\":{\"copy\":[{\"name\":\"ruleSetsForSubAssessmentsArr\",\"count\":\"[variables('recommendationNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForAlertsObj\":{\"copy\":[{\"name\":\"ruleSetsForAlertsArr\",\"count\":\"[variables('alertSeveritiesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"Severity\",\"propertyType\":\"string\",\"expectedValue\":\"[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForSecureScoreControlsObj\":{\"copy\":[{\"name\":\"ruleSetsForSecureScoreControlsArr\",\"count\":\"[variables('secureScoreControlsLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"name\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), - 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), + 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]\",\"operator\":\"Equals\"}]}}]},\"customRuleSetsForRegulatoryComplianceObj\":{\"copy\":[{\"name\":\"ruleSetsForRegulatoryCompliancArr\",\"count\":\"[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]\",\"input\":{\"rules\":[{\"propertyJPath\":\"id\",\"propertyType\":\"string\",\"expectedValue\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]\",\"operator\":\"Contains\"}]}}]},\"ruleSetsForSecureScoreControlsObj\":\"[if(equals(variables('secureScoreControlsNamesLength'), + 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]\",\"ruleSetsForSecureRegulatoryComplianceObj\":\"[if(equals(variables('regulatoryComplianceStandardsNamesLength'), + 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]\",\"ruleSetsForSubAssessmentsObj\":\"[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]\",\"subAssessmentSource\":[{\"eventSource\":\"SubAssessments\",\"ruleSets\":\"[variables('ruleSetsForSubAssessmentsObj')]\"}],\"ruleSetsMap\":{\"Security recommendations\":\"[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]\",\"Security alerts\":\"[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]\",\"Overall - secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', + secure score\":null,\"Secure score controls\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\",\"Overall + secure score - snapshot\":null,\"Secure score controls - snapshot\":\"[variables('ruleSetsForSecureScoreControlsObj')]\",\"Regulatory + compliance - snapshot\":\"[variables('ruleSetsForSecureRegulatoryComplianceObj')]\"},\"sourcesWithoutSubAssessments\":{\"copy\":[{\"name\":\"sources\",\"count\":\"[variables('exportedDataTypesLengthIfEmpty')]\",\"input\":{\"eventSource\":\"[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\",\"ruleSets\":\"[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]\"}}]},\"sourcesWithSubAssessments\":\"[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]\",\"sources\":\"[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]\"},\"resources\":[{\"name\":\"[parameters('resourceGroupName')]\",\"type\":\"Microsoft.Resources/resourceGroups\",\"apiVersion\":\"2019-10-01\",\"location\":\"[parameters('resourceGroupLocation')]\",\"tags\":{},\"properties\":{}},{\"type\":\"Microsoft.Resources/deployments\",\"apiVersion\":\"2019-10-01\",\"name\":\"[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]\",\"resourceGroup\":\"[parameters('resourceGroupName')]\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]\"],\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{},\"variables\":{},\"resources\":[{\"tags\":{},\"apiVersion\":\"2019-01-01-preview\",\"location\":\"[parameters('resourceGroupLocation')]\",\"name\":\"ExportToWorkspace\",\"type\":\"Microsoft.Security/automations\",\"dependsOn\":[],\"properties\":{\"description\":\"Export Azure Security Center data to Log Analytics workspace via policy\",\"isEnabled\":true,\"scopes\":[{\"description\":\"[replace(variables('scopeDescription'),'{0}', - subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft + subscription().subscriptionId)]\",\"scopePath\":\"[subscription().id]\"}],\"sources\":\"[variables('sources')]\",\"actions\":[{\"actionType\":\"Workspace\",\"workspaceResourceId\":\"[parameters('workspaceResourceId')]\"}]}}]}}}]},\"parameters\":{\"resourceGroupName\":{\"value\":\"[parameters('resourceGroupName')]\"},\"resourceGroupLocation\":{\"value\":\"[parameters('resourceGroupLocation')]\"},\"exportedDataTypes\":{\"value\":\"[parameters('exportedDataTypes')]\"},\"isSecurityFindingsEnabled\":{\"value\":\"[parameters('isSecurityFindingsEnabled')]\"},\"recommendationNames\":{\"value\":\"[parameters('recommendationNames')]\"},\"secureScoreControlsNames\":{\"value\":\"[parameters('secureScoreControlsNames')]\"},\"recommendationSeverities\":{\"value\":\"[parameters('recommendationSeverities')]\"},\"alertSeverities\":{\"value\":\"[parameters('alertSeverities')]\"},\"regulatoryComplianceStandardsNames\":{\"value\":\"[parameters('regulatoryComplianceStandardsNames')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('workspaceResourceId')]\"}}}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"ffb6f416-7bd2-4488-8828-56585fef2be9\"},{\"properties\":{\"displayName\":\"Microsoft Managed Control 1158 - Security Authorization\",\"policyType\":\"Static\",\"mode\":\"Indexed\",\"description\":\"Microsoft implements this Security Assessment and Authorization control\",\"metadata\":{\"version\":\"1.0.0\",\"category\":\"Regulatory Compliance\",\"additionalMetadataId\":\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Resources/subscriptions\",\"Microsoft.Resources/subscriptions/resourceGroups\"]},{\"value\":\"false\",\"equals\":\"true\"}]},\"then\":{\"effect\":\"audit\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"fff50cf2-28eb-45b4-b378-c99412688907\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod hostPath volumes can only use allowed host paths in a Kubernetes - Cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pod hostPath volumes should only use allowed host paths\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Limit + pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -28793,10 +37806,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedHostPaths\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed host paths\",\"description\":\"The host paths allowed for pod hostPath volumes - to use. Provide an empty paths list to block all host paths.\",\"schema\":{\"type\":\"object\",\"properties\":{\"paths\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"pathPrefix\":{\"type\":\"string\"},\"readOnly\":{\"type\":\"boolean\"}},\"required\":[\"pathPrefix\",\"readOnly\"],\"additionalProperties\":false}}},\"required\":[\"paths\"],\"additionalProperties\":false}},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-host-paths/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: + to use. Provide an empty paths list to block all host paths.\"},\"defaultValue\":{\"paths\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-host-paths/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedHostPaths\":\"[parameters('allowedHostPaths').paths]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"098fc59e-46c7-4d99-9b16-64990e543d75\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time that a certificate can be valid within your key vault.\",\"metadata\":{\"version\":\"2.1.0-preview\",\"category\":\"Key @@ -28841,7 +37856,7 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"anyOf\":[{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\"less\":\"[parameters('minimumDaysBeforeExpiry')]\"}]},{\"allOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"exists\":true},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\"greater\":\"[parameters('maximumPercentageLife')]\"}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"12ef42cb-9903-4e39-9c26-422d29570417\"},{\"properties\":{\"displayName\":\"[Preview]: - Keys should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic + Key Vault keys should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Cryptographic keys should have a defined expiration date and not be permanent. Keys that are valid forever provide a potential attacker with more time to compromise the key. It is a recommended security practice to set expiration dates on @@ -28850,11 +37865,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods can only use allowed volume types in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use allowed volume types\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + can only use allowed volume types in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -28862,10 +37878,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedVolumeTypes\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed volume types\",\"description\":\"The list of volume types that can be used by a pod. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-volume-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-volume-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"volumes\":\"[parameters('allowedVolumeTypes')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16697877-1118-4fb1-9b65-9898ec2509ec\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16697877-1118-4fb1-9b65-9898ec2509ec\"},{\"properties\":{\"displayName\":\"[Deprecated]: Enforce labels on pods in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -28873,24 +37891,28 @@ interactions: service\",\"deprecated\":true},\"parameters\":{\"commaSeparatedListOfLabels\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: Comma-separated list of labels\",\"description\":\"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Enforce - HTTPS ingress in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"PodEnforceLabels\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\"policyParameters\":{\"commaSeparatedListOfLabels\":\"[parameters('commaSeparatedListOfLabels')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should be accessible only over HTTPS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + of HTTPS ensures authentication and protects data in transit from network + layer eavesdropping attacks. This capability is currently generally available + for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc + enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes - clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow containers to use privilege escalation in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/ingress-https-only/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should not allow container privilege escalation\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow containers to run with privilege escalation to root in a Kubernetes + cluster. This recommendation is part of CIS 5.2.5 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -28898,8 +37920,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege-escalation/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege-escalation/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\"},{\"properties\":{\"displayName\":\"[Preview]: Configure log filter expressions and datastore to be used for full logs for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide log filter expression and datastore to be used for full @@ -28913,22 +37937,24 @@ interactions: used to filter logs. Ex. ^prefix1.*$\"},\"defaultValue\":[]},\"datastore\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Datastore\",\"description\":\"Datastore used to store filtered logs. Ex. LogsDatastore which is configured in AML.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Ensure - services listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces services to listen only on allowed ports in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - service ports list\",\"description\":\"The list of service ports allowed in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"logFilter\",\"value\":{\"filters\":\"[parameters('logFilters')]\",\"datastore\":\"[parameters('datastore')]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/1d413020-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"1d413020-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should listen only on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + services to listen only on allowed ports to secure access to the Kubernetes + cluster. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedServicePortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + service ports list\",\"description\":\"The list of service ports allowed in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/service-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedServicePorts\":\"[parameters('allowedServicePortsList')]\",\"allowedPorts\":\"[parameters('allowedServicePortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"233a2a17-77ca-4fb1-9b6b-69223d272a44\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure services listen only on allowed ports in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc @@ -28966,24 +37992,25 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"approvalEndpoint\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Approval endpoint\",\"description\":\"Approval endpoint that needs to be called before an Azure ML job is run. Ex. http://amlrunapproval/approve\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: - Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Enforce - internal load balancers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces load balancers do not have public IPs in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"approvalEndpoint\",\"value\":\"[parameters('approvalEndpoint')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3948394e-63de-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3948394e-63de-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes + clusters should use internal load balancers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + internal load balancers to make a Kubernetes service accessible only to applications + running in the same virtual network as the Kubernetes cluster. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/load-balancer-no-public-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should disable automounting API credentials\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Disable automounting API credentials to prevent a potentially compromised Pod resource - to run API commands against Kubernetes clusters. For instructions on using - this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + to run API commands against Kubernetes clusters. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: @@ -28991,43 +38018,51 @@ interactions: exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied - to all resources in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-automount-token/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Ensure - containers listen only on allowed ports in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces containers to listen only on allowed ports in a Kubernetes + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-automount-token/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"423dd1ba-798e-40e4-9c4d-b6902674b423\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only listen on allowed ports\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + containers to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed - container ports list\",\"description\":\"The list of container ports allowed - in a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Enforce - labels on pods in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy enforces the specified labels are provided for pods in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List - of labels\",\"description\":\"The list of labels to be specified on Pods in - a Kubernetes cluster.\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerPortsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + container ports list\",\"description\":\"The list of container ports allowed + in a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerPorts\":\"[parameters('allowedContainerPortsList')]\",\"allowedPorts\":\"[parameters('allowedContainerPortsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"440b515e-a580-421e-abeb-b159a61ddcbc\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods should use specified labels\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + specified labels to identify the pods in a Kubernetes cluster. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy blocks pod containers from sharing the host process ID namespace and - host IPC namespace in a Kubernetes cluster. This policy is generally available - for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled - Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"labelsList\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"List + of labels\",\"description\":\"The list of labels to be specified on Pods in + a Kubernetes cluster.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/pod-enforce-labels/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"labels\":\"[parameters('labelsList')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should not share host process ID or host IPC namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Block + pod containers from sharing the host process ID namespace and host IPC namespace + in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS + 5.2.3 which are intended to improve the security of your Kubernetes environments. + This policy is generally available for Kubernetes Service (AKS), and preview + for AKS Engine and Azure Arc enabled Kubernetes. For more information, see + https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29035,8 +38070,10 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-host-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-host-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should have the specified maximum validity period\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the maximum amount of time in days that a key can be valid within your key vault.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Key @@ -29048,11 +38085,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"anyOf\":[{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"exists\":false},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn\",\"greater\":\"[addDays(field('Microsoft.KeyVault.Data/vaults/keys/attributes.createdOn'), parameters('maximumValidityInDays'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"49a22571-d204-4c91-a7b6-09b1a586fbc9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed AppArmor profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed AppArmor profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29060,11 +38098,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed AppArmor profiles\",\"description\":\"The list of AppArmor profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/enforce-apparmor-profile/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/enforce-apparmor-profile/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/511f5417-5d12-434d-ab2e-816901e72a5e\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"511f5417-5d12-434d-ab2e-816901e72a5e\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed module authors for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide allowed module authors in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit @@ -29075,11 +38115,12 @@ interactions: no value is provided to this parameter then policy is applicable to all computes.\"},\"defaultValue\":[]},\"allowedModuleAuthors\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Allowed module authors\",\"description\":\"List of allowed module authors.\"},\"defaultValue\":[]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"Enable or disable the execution of the policy.\"},\"allowedValues\":[\"enforceSetting\",\"disabled\"],\"defaultValue\":\"enforceSetting\"}},\"policyRule\":{\"if\":{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices.Data/workspaces/computes/name\",\"in\":\"[parameters('computeNames')]\"},{\"value\":\"[length(parameters('computeNames'))]\",\"equals\":0}]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"setting\":{\"name\":\"allowedModuleAuthors\",\"value\":\"[parameters('allowedModuleAuthors')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"53c70b02-63dd-11ea-bc55-0242ac130003\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers do not use forbidden sysctl interfaces in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should not use forbidden sysctl interfaces\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Containers + should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29087,11 +38128,13 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"forbiddenSysctls\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Forbidden sysctls\",\"description\":\"The list of plain sysctl names or sysctl patterns which end with *. The string * matches all sysctls. For more information, visit https://aka.ms/k8s-policy-sysctl-interfaces.\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/forbidden-sysctl-interfaces/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/forbidden-sysctl-interfaces/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"forbiddenSysctls\":\"[parameters('forbiddenSysctls')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/56d0a13f-712f-466b-8416-56fb354fb823\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"56d0a13f-712f-466b-8416-56fb354fb823\"},{\"properties\":{\"displayName\":\"[Preview]: Configure allowed registries for specified Azure Machine Learning computes\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.MachineLearningServices.Data\",\"description\":\"This policy helps provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, @@ -29185,11 +38228,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/keys\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keyType\",\"in\":[\"RSA\",\"RSA-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/keys/keySize\",\"less\":\"[parameters('minimumRSAKeySize')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82067dbb-e53b-4e06-b631-546d197452d9\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls pod access to the host network and the allowable host port - range in a Kubernetes cluster. This policy is generally available for Kubernetes - Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. - For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods should only use approved host network and port range\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + pod access to the host network and the allowable host port range in a Kubernetes + cluster. This recommendation is part of CIS 5.2.4 which is intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29197,14 +38241,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowHostNetwork\":{\"type\":\"Boolean\",\"metadata\":{\"displayName\":\"Allow host network usage\",\"description\":\"Set this value to true if pod is allowed to use host network otherwise false.\"},\"defaultValue\":false},\"minPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Min host port\",\"description\":\"The minimum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0},\"maxPort\":{\"type\":\"Integer\",\"metadata\":{\"displayName\":\"Max host port\",\"description\":\"The maximum value in the allowable host port range that pods can use in the host network namespace.\"},\"defaultValue\":0}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/host-network-ports/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/host-network-ports/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowHostNetwork\":\"[parameters('allowHostNetwork')]\",\"minPort\":\"[parameters('minPort')]\",\"maxPort\":\"[parameters('maxPort')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"82985f06-dc18-4a48-bc1c-b9f4f0098cfe\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the Azure integrated certificate authorities that can issue certificates in your key vault such @@ -29214,25 +38260,29 @@ interactions: certificate authorities supported by Azure Key Vault.\"},\"allowedValues\":[\"DigiCert\",\"GlobalSign\"],\"defaultValue\":[\"DigiCert\",\"GlobalSign\"]},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' - turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Do - not allow privileged containers in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy does not allow privileged containers creation in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\"notIn\":\"[parameters('allowedCAs')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"8e826246-c976-48f6-b03e-619bb92b3d82\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster should not allow privileged containers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Do + not allow privileged containers creation in a Kubernetes cluster. This recommendation + is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes + environments. This policy is generally available for Kubernetes Service (AKS), + and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, + see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed seccomp profiles in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-no-privilege/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"95edb821-ddaf-4404-9732-666045e056b4\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed seccomp profiles\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed seccomp profiles in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29240,13 +38290,17 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedProfiles\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed seccomp profiles\",\"description\":\"The list of seccomp profiles that containers are allowed to use. E.g. 'runtime/default;docker/default'. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-seccomp-profiles/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: - Secrets should have expiration dates set\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"It - is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedProfiles\":\"[parameters('allowedProfiles')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/975ce327-682c-4f2e-aa46-b9598289b86c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"975ce327-682c-4f2e-aa46-b9598289b86c\"},{\"properties\":{\"displayName\":\"[Preview]: + Key Vault secrets should have an expiration date\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Secrets + should have a defined expiration date and not be permanent. Secrets that are + valid forever provide a potential attacker with more time to compromise them. + It is a recommended security practice to set expiration dates on secrets.\",\"metadata\":{\"version\":\"1.0.1-preview\",\"category\":\"Key Vault\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' @@ -29254,7 +38308,7 @@ interactions: Kubernetes clusters should not use the default namespace\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. - For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: @@ -29262,8 +38316,11 @@ interactions: exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied - to all resources in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/block-default-namespace/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/block-default-namespace/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"9f061a12-e40d-4183-a00e-171812443373\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should be issued by the specified non-integrated certificate authority\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage your organizational compliance requirements by specifying the custom or internal @@ -29277,8 +38334,7 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\"notContains\":\"[parameters('caCommonName')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a22f4a40-01d3-4c7d-8071-da157eeff341\"},{\"properties\":{\"displayName\":\"[Preview]: Kubernetes clusters should not use specific security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Prevent specific security capabilities in Kubernetes clusters to prevent ungranted - privileges on the Pod resource. For instructions on using this policy, please - visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"1.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: @@ -29286,10 +38342,13 @@ interactions: exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied - to all resources in all namespaces.\"},\"defaultValue\":[]},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}},\"disallowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: Blocked capabilities\",\"description\":\"List of capabilities that containers are not able to use\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-disallowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"[parameters('disallowedCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a27c700f-8a22-44ec-961c-41625264370b\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"a27c700f-8a22-44ec-961c-41625264370b\"},{\"properties\":{\"displayName\":\"[Deprecated]: Ensure CPU and memory resource limits defined on containers in AKS\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.ContainerService.Data\",\"description\":\"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. This policy is deprecated, please visit @@ -29334,11 +38393,12 @@ interactions: Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\"in\":[\"EC\",\"EC-HSM\"]},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\"notIn\":\"[parameters('allowedECNames')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"bd78111f-4953-4367-9fd5-7e08808b54bf\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed capabilities in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Restrict + the capabilities to reduce the attack surface of containers in a Kubernetes + cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are + intended to improve the security of your Kubernetes environments. This policy + is generally available for Kubernetes Service (AKS), and preview for AKS Engine + and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29346,12 +38406,14 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed capabilities\",\"description\":\"The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.\"},\"defaultValue\":[]},\"requiredDropCapabilities\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Required drop capabilities\",\"description\":\"The list of capabilities that must be dropped by a container.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedCapabilities\":\"[parameters('allowedCapabilities')]\",\"requiredDropCapabilities\":\"[parameters('requiredDropCapabilities')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"c26596ff-4d70-4e6a-9a30-c2506bd2f80c\"},{\"properties\":{\"displayName\":\"[Preview]: Keys should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Specify the number of days that a key should be active. Keys that are used for an extended period of time increase the probability that an attacker could compromise @@ -29379,12 +38441,43 @@ interactions: Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.\",\"metadata\":{\"version\":\"1.0.1-deprecated\",\"category\":\"Kubernetes service\",\"deprecated\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Deprecated]: - Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers run with a read only root file system in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc/.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Effect\",\"description\":\"Enable or disable the execution of the policy\"},\"allowedValues\":[\"EnforceRegoPolicy\",\"Disabled\"],\"defaultValue\":\"EnforceRegoPolicy\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"equals\":\"Microsoft.ContainerService/managedClusters\"},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"policyId\":\"UniqueIngressHostnames\",\"policy\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d011d9f7-ba32-4005-b727-b3d09371ca60\"},{\"properties\":{\"displayName\":\"[Preview]: + Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"To + reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux + capabilities. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Kubernetes\",\"preview\":true},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"[Preview]: + Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created + or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant + resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to + exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"[Preview]: + Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to + only include in policy evaluation. An empty list means the policy is applied + to all resources in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"[Preview]: + Kubernetes label selector\",\"description\":\"Label query to select Kubernetes + resources for policy evaluation. An empty label selector matches all Kubernetes + resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-disallowed-capabilities/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"disallowedCapabilities\":\"CAP_SYS_ADMIN\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d2e7ea85-6b44-4317-a0be-1b951587f626\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster services should only use allowed external IPs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes + cluster. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + allows a non-compliant resource to be created or updated, but flags it as + non-compliant. 'Deny' blocks the non-compliant resource creation or update. + 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from + policy evaluation. Providing a value for this parameter is optional.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace + inclusions\",\"description\":\"List of Kubernetes namespaces to only include + in policy evaluation. An empty list means the policy is applied to all resources + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedExternalIPs\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + External IPs\",\"description\":\"List of External IPs that services are allowed + to use. Empty array means all external IPs are disallowed.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-external-ips/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedExternalIPs\":\"[parameters('allowedExternalIPs')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/d46c275d-1680-448d-b2ec-e495a3b6cc89\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"d46c275d-1680-448d-b2ec-e495a3b6cc89\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should run with a read only root file system\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Run + containers with a read only root file system to protect from changes at run-time + with malicious binaries being added to PATH in a Kubernetes cluster. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29392,13 +38485,16 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/read-only-root-filesystem/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pods and containers only use allowed SELinux options in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/read-only-root-filesystem/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\"}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"df49d893-a74c-421d-bc95-c663042e5b80\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pods and containers should only use allowed SELinux options\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pods + and containers should only use allowed SELinux options in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29406,29 +38502,33 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedSELinuxOptions\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed SELinux options\",\"description\":\"The allowed configurations for pod and container level SELinux Options. Provide empty options list as input to block - everything.\",\"schema\":{\"type\":\"object\",\"properties\":{\"options\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"level\":{\"type\":\"string\"},\"role\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"},\"user\":{\"type\":\"string\"}},\"additionalProperties\":false}}},\"required\":[\"options\"],\"additionalProperties\":false}},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/selinux/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Ensure - container CPU and memory resource limits do not exceed the specified limits - in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures container CPU and memory resource limits are defined and do - not exceed the specified limits in a Kubernetes cluster. This policy is generally - available for Kubernetes Service (AKS), and preview for AKS Engine and Azure - Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed CPU units\",\"description\":\"The maximum CPU units allowed for a - container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max - allowed memory bytes\",\"description\":\"The maximum memory bytes allowed - for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + everything.\"},\"defaultValue\":{\"options\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/selinux/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedSELinuxOptions\":\"[parameters('allowedSELinuxOptions').options]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e1e6c427-07d9-46ab-9689-bfa85431e636\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e1e6c427-07d9-46ab-9689-bfa85431e636\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers CPU and memory resource limits should not exceed the specified + limits\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Enforce + container CPU and memory resource limits to prevent resource exhaustion attacks + in a Kubernetes cluster. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"cpuLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed CPU units\",\"description\":\"The maximum CPU units allowed for a + container. E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}},\"memoryLimit\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Max + allowed memory bytes\",\"description\":\"The maximum memory bytes allowed + for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-resource-limits/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"cpuLimit\":\"[parameters('cpuLimit')]\",\"memoryLimit\":\"[parameters('memoryLimit')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e345eecc-fa47-480f-9e88-67dcc122b164\"},{\"properties\":{\"displayName\":\"[Preview]: Secrets should not be active for longer than the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"If your secrets were created with an activation date set in the future, you must ensure that your secrets have not been active for longer than the specified @@ -29441,12 +38541,13 @@ interactions: turns off the policy.\"},\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/secrets\"},{\"value\":\"[utcNow()]\",\"greater\":\"[addDays(if(empty(field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.createdOn'), field('Microsoft.KeyVault.Data/vaults/secrets/attributes.notBefore')), parameters('maximumValidityInDays'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"e8d99835-8a06-45ae-a8e0-87a91941ccfe\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy controls the user, primary group, supplemental group and file system - group IDs that pods and containers can use to run in a Kubernetes Cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster pods and containers should only run with approved user and group IDs\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Control + the user, primary group, supplemental group and file system group IDs that + pods and containers can use to run in a Kubernetes Cluster. This recommendation + is part of Pod Security Policies which are intended to improve the security + of your Kubernetes environments. This policy is generally available for Kubernetes + Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. + For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29454,29 +38555,32 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"runAsUserRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as user rule\",\"description\":\"The 'RunAsUser' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MustRunAsNonRoot\",\"RunAsAny\"],\"defaultValue\":\"MustRunAsNonRoot\"},\"runAsUserRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed user ID ranges\",\"description\":\"The user ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"runAsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Run as group rule\",\"description\":\"The 'RunAsGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"runAsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed group ID ranges\",\"description\":\"The group ID ranges that are allowed for - containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental + containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"supplementalGroupsRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Supplemental group rule\",\"description\":\"The 'SupplementalGroups' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"supplementalGroupsRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed supplemental group ID ranges\",\"description\":\"The supplemental group ID - ranges that are allowed for containers to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File + ranges that are allowed for containers to use.\"},\"defaultValue\":{\"ranges\":[]}},\"fsGroupRule\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"File system group rule\",\"description\":\"The 'FSGroup' rule that containers are allowed to run with.\"},\"allowedValues\":[\"MustRunAs\",\"MayRunAs\",\"RunAsAny\"],\"defaultValue\":\"RunAsAny\"},\"fsGroupRanges\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Allowed file system group ID ranges\",\"description\":\"The file system group ranges - that are allowed for pods to use.\",\"schema\":{\"type\":\"object\",\"properties\":{\"ranges\":{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"min\":{\"type\":\"integer\"},\"max\":{\"type\":\"integer\"}},\"required\":[\"min\",\"max\"],\"additionalProperties\":false}}},\"required\":[\"ranges\"],\"additionalProperties\":false}},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-users-groups/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"},\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures pod FlexVolume volumes only use allowed drivers in a Kubernetes - cluster. This policy is generally available for Kubernetes Service (AKS), - and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions - on using this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"2.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + that are allowed for pods to use.\"},\"defaultValue\":{\"ranges\":[]}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-users-groups/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"runAsUser\":{\"rule\":\"[parameters('runAsUserRule')]\",\"ranges\":\"[parameters('runAsUserRanges').ranges]\"},\"runAsGroup\":{\"rule\":\"[parameters('runAsGroupRule')]\",\"ranges\":\"[parameters('runAsGroupRanges').ranges]\"},\"supplementalGroups\":{\"rule\":\"[parameters('supplementalGroupsRule')]\",\"ranges\":\"[parameters('supplementalGroupsRanges').ranges]\"},\"fsGroup\":{\"rule\":\"[parameters('fsGroupRule')]\",\"ranges\":\"[parameters('fsGroupRanges').ranges]\"}}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f06ddb64-5fa3-4b77-b166-acb36f7f6042\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f06ddb64-5fa3-4b77-b166-acb36f7f6042\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster pod FlexVolume volumes should only use allowed drivers\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. + This recommendation is part of Pod Security Policies which are intended to + improve the security of your Kubernetes environments. This policy is generally + available for Kubernetes Service (AKS), and preview for AKS Engine and Azure + Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29484,10 +38588,12 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedFlexVolumeDrivers\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Allowed FlexVolume drivers\",\"description\":\"The list of drivers that FlexVolume volumes are allowed to use. Provide empty list as input to block everything.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/flexvolume-drivers/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/flexvolume-drivers/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedFlexVolumeDrivers\":\"[parameters('allowedFlexVolumeDrivers')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f4a8fce0-2dd5-4c21-9a36-8f0ec809d663\"},{\"properties\":{\"displayName\":\"[Preview]: Certificates should not expire within the specified number of days\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Manage certificates that will expire within a specified number of days to ensure your organization has sufficient time to rotate the certificate prior to expiration.\",\"metadata\":{\"version\":\"2.0.0-preview\",\"category\":\"Key @@ -29498,11 +38604,12 @@ interactions: but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"}},\"policyRule\":{\"if\":{\"allOf\":[{\"field\":\"type\",\"equals\":\"Microsoft.KeyVault.Data/vaults/certificates\"},{\"field\":\"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\"lessOrEquals\":\"[addDays(utcNow(), parameters('daysToExpire'))]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f772fb64-8e40-40ad-87bc-7706e1949427\"},{\"properties\":{\"displayName\":\"Kubernetes - cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures containers only use allowed ProcMountType in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"3.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + cluster containers should only use allowed ProcMountType\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Pod + containers can only use allowed ProcMountTypes in a Kubernetes cluster. This + recommendation is part of Pod Security Policies which are intended to improve + the security of your Kubernetes environments. This policy is generally available + for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled + Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"4.0.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace @@ -29510,25 +38617,29 @@ interactions: policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"procMountType\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"ProcMountType\",\"description\":\"The ProcMountType that containers are allowed to use in the cluster.\"},\"allowedValues\":[\"Unmasked\",\"Default\"],\"defaultValue\":\"Default\"}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/allowed-proc-mount-types/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Ensure - only allowed container images in Kubernetes cluster\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"This - policy ensures only allowed container images are running in a Kubernetes cluster. - This policy is generally available for Kubernetes Service (AKS), and preview - for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using - this policy, visit https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"5.0.1\",\"category\":\"Kubernetes\"},\"parameters\":{\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed - container images regex\",\"description\":\"The RegEx rule used to match allowed - container images in a Kubernetes cluster. For example, to allow any Azure - Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}},\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' + Engine\",\"Microsoft.Kubernetes/connectedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/allowed-proc-mount-types/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"procMount\":\"[parameters('procMountType')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/f85eb0dd-92ee-40e9-8a76-db25a507d6d3\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"f85eb0dd-92ee-40e9-8a76-db25a507d6d3\"},{\"properties\":{\"displayName\":\"Kubernetes + cluster containers should only use allowed images\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.Kubernetes.Data\",\"description\":\"Use + images from trusted registries to reduce the Kubernetes cluster's exposure + risk to unknown vulnerabilities, security issues and malicious images. This + policy is generally available for Kubernetes Service (AKS), and preview for + AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.\",\"metadata\":{\"version\":\"6.1.0\",\"category\":\"Kubernetes\"},\"parameters\":{\"effect\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Effect\",\"description\":\"'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.\"},\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\"},\"excludedNamespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace exclusions\",\"description\":\"List of Kubernetes namespaces to exclude from policy evaluation.\"},\"defaultValue\":[\"kube-system\",\"gatekeeper-system\",\"azure-arc\"]},\"namespaces\":{\"type\":\"Array\",\"metadata\":{\"displayName\":\"Namespace inclusions\",\"description\":\"List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources - in all namespaces.\"},\"defaultValue\":[]}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS - Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\"constraint\":\"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: + in all namespaces.\"},\"defaultValue\":[]},\"labelSelector\":{\"type\":\"Object\",\"metadata\":{\"displayName\":\"Kubernetes + label selector\",\"description\":\"Label query to select Kubernetes resources + for policy evaluation. An empty label selector matches all Kubernetes resources.\"},\"defaultValue\":{}},\"allowedContainerImagesRegex\":{\"type\":\"String\",\"metadata\":{\"displayName\":\"Allowed + container images regex\",\"description\":\"The RegEx rule used to match allowed + container images in a Kubernetes cluster. For example, to allow any Azure + Container Registry image by matching partial path: ^.+azurecr.io/.+$\"}}},\"policyRule\":{\"if\":{\"field\":\"type\",\"in\":[\"AKS + Engine\",\"Microsoft.Kubernetes/connectedClusters\",\"Microsoft.ContainerService/managedClusters\"]},\"then\":{\"effect\":\"[parameters('effect')]\",\"details\":{\"constraintTemplate\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/template.yaml\",\"constraint\":\"https://store.policy.core.windows.net/kubernetes/container-allowed-images/v1/constraint.yaml\",\"excludedNamespaces\":\"[parameters('excludedNamespaces')]\",\"namespaces\":\"[parameters('namespaces')]\",\"labelSelector\":\"[parameters('labelSelector')]\",\"values\":{\"allowedContainerImagesRegex\":\"[parameters('allowedContainerImagesRegex')]\",\"imageRegex\":\"[parameters('allowedContainerImagesRegex')]\"}}}}},\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\"type\":\"Microsoft.Authorization/policyDefinitions\",\"name\":\"febd0533-8e55-448f-b837-bd0e06f16469\"},{\"properties\":{\"displayName\":\"[Preview]: Keys using elliptic curve cryptography should have the specified curve names\",\"policyType\":\"BuiltIn\",\"mode\":\"Microsoft.KeyVault.Data\",\"description\":\"Keys backed by elliptic curve cryptography can have different curve names. Some applications are only compatible with specific elliptic curve keys. Enforce @@ -29543,11 +38654,11 @@ interactions: cache-control: - no-cache content-length: - - '2498717' + - '2920414' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:16 GMT + - Mon, 22 Mar 2021 08:45:02 GMT expires: - '-1' pragma: @@ -29579,8 +38690,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -29596,7 +38707,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:18 GMT + - Mon, 22 Mar 2021 08:45:08 GMT expires: - '-1' pragma: @@ -29628,8 +38739,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -29645,7 +38756,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:28 GMT + - Mon, 22 Mar 2021 08:45:18 GMT expires: - '-1' pragma: @@ -29677,8 +38788,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -29694,7 +38805,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:30 GMT + - Mon, 22 Mar 2021 08:45:20 GMT expires: - '-1' location: @@ -29702,15 +38813,15 @@ interactions: pragma: - no-cache request-id: - - 46da4b68-c059-4dde-b91e-430ed4447e1b + - d6aa44f9-d9d1-4432-a7ee-24fa18e9d4de strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-deletes: - - '14999' + - '14998' status: code: 202 message: Accepted @@ -29728,8 +38839,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: @@ -29743,13 +38854,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:19:40 GMT + - Mon, 22 Mar 2021 08:45:33 GMT expires: - '-1' pragma: - no-cache request-id: - - 9dd99d15-ad09-4151-a091-adb673589bf8 + - d480c60c-2dc1-42a1-a234-093dcb6ba65f strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -29757,7 +38868,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment.yaml index fb499ca073a..fb6eafda5be 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment.yaml @@ -51,15 +51,15 @@ interactions: ParameterSetName: - --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/subscription_level_template","name":"subscription_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:20.5161942Z","duration":"PT0S","correlationId":"a9971483-197d-4cce-b439-eca5ab3877c8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/subscription_level_template","name":"subscription_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:09:51.4248286Z","duration":"PT0S","correlationId":"15678ddd-42b7-4e51-9809-ce43f1d54408","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' headers: cache-control: - no-cache @@ -68,7 +68,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:20 GMT + - Mon, 22 Mar 2021 07:09:51 GMT expires: - '-1' pragma: @@ -82,7 +82,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' status: code: 200 message: OK @@ -124,11 +124,11 @@ interactions: content-type: - text/plain; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:21 GMT + - Mon, 22 Mar 2021 07:09:52 GMT etag: - '"2cc7b94cb1a1129b25fb74b5079c39ebea46f9ed18b7ed5ab643967ad43be835"' expires: - - Thu, 17 Dec 2020 19:09:21 GMT + - Mon, 22 Mar 2021 07:14:52 GMT source-age: - '0' strict-transport-security: @@ -136,23 +136,23 @@ interactions: vary: - Authorization,Accept-Encoding via: - - 1.1 varnish (Varnish/6.0), 1.1 varnish + - 1.1 varnish x-cache: - - MISS, HIT + - HIT x-cache-hits: - - 0, 1 + - '1' x-content-type-options: - nosniff x-fastly-request-id: - - dc0a6633d1a858f1106719adc9af09a1b4f5c6a9 + - 2abff378af95897da770cdcf43b7dc7d66ed2bc6 x-frame-options: - deny x-github-request-id: - - 98DE:0E0A:7FC51:91E30:5FDBA9D6 + - 7B86:7068:C4B65:13C49B:60583F1E x-served-by: - - cache-mia11361-MIA + - cache-sin18030-SIN x-timer: - - S1608231861.220880,VS0,VE124 + - S1616396993.568092,VS0,VE292 x-xss-protection: - 1; mode=block status: @@ -209,15 +209,15 @@ interactions: ParameterSetName: - --location --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/subscription_level_template","name":"subscription_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:21.7225215Z","duration":"PT0S","correlationId":"842cf2f2-9408-4424-ae61-19828251f49a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1801"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/subscription_level_template","name":"subscription_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:09:53.2936563Z","duration":"PT0S","correlationId":"747ca293-a449-4ff1-aa86-0933e7600990","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1801"}]}}' headers: cache-control: - no-cache @@ -226,7 +226,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:21 GMT + - Mon, 22 Mar 2021 07:09:54 GMT expires: - '-1' pragma: @@ -296,15 +296,15 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:22.4417268Z","duration":"PT0S","correlationId":"ce7b32e6-9feb-4041-bcbd-1414be27134b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:09:55.7969935Z","duration":"PT0S","correlationId":"b08cc5e1-1257-4850-a10e-75f149b089fb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' headers: cache-control: - no-cache @@ -313,7 +313,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:22 GMT + - Mon, 22 Mar 2021 07:09:56 GMT expires: - '-1' pragma: @@ -383,18 +383,18 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-17T19:04:24.1844152Z","duration":"PT1.2973173S","correlationId":"51cabcaf-b850-45c0-b77e-d283a77a79ca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T07:10:00.6174559Z","duration":"PT3.1803597S","correlationId":"d91f86d3-d883-4e53-aea4-c75d9ea0f687","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operationStatuses/08585933750225905263?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operationStatuses/08585852098880405369?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -402,7 +402,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:23 GMT + - Mon, 22 Mar 2021 07:10:01 GMT expires: - '-1' pragma: @@ -430,10 +430,10 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585933750225905263?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852098880405369?api-version=2020-10-01 response: body: string: '{"status":"Running"}' @@ -445,7 +445,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:04:55 GMT + - Mon, 22 Mar 2021 07:10:32 GMT expires: - '-1' pragma: @@ -473,10 +473,10 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585933750225905263?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852098880405369?api-version=2020-10-01 response: body: string: '{"status":"Succeeded"}' @@ -488,7 +488,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:25 GMT + - Mon, 22 Mar 2021 07:11:02 GMT expires: - '-1' pragma: @@ -516,13 +516,13 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:59.4976816Z","duration":"PT36.6105837S","correlationId":"51cabcaf-b850-45c0-b77e-d283a77a79ca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:52.8052403Z","duration":"PT55.3681441S","correlationId":"d91f86d3-d883-4e53-aea4-c75d9ea0f687","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' headers: cache-control: - no-cache @@ -531,7 +531,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:25 GMT + - Mon, 22 Mar 2021 07:11:02 GMT expires: - '-1' pragma: @@ -557,28 +557,518 @@ interactions: Connection: - keep-alive User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:59.4976816Z","duration":"PT36.6105837S","correlationId":"51cabcaf-b850-45c0-b77e-d283a77a79ca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested","name":"sub-nested","type":"Microsoft.Resources/deployments","location":"eastus","properties":{"templateHash":"17976844800751378253","parameters":{},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-16T22:20:00.0240332Z","duration":"PT11.8325984S","correlationId":"719f72ae-54ac-482e-9cb2-4d1d046071f4","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["eastus2"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:52.8052403Z","duration":"PT55.3681441S","correlationId":"d91f86d3-d883-4e53-aea4-c75d9ea0f687","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrcecbrvsljdnpoqp4dcow","name":"azure-cli-subscription_level_deploymentrcecbrvsljdnpoqp4dcow","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploydd7t2xs4rsci67yghg5tkkvur4jgphcusoqee4/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployipxhvtbvjkdvr4p5bm33go2xvrezfmsxb2/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T06:55:55.8075911Z","duration":"PT12.4846193S","correlationId":"ed414cd9-f4a2-4da3-8b21-05705633ff93","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjzk2icld7vswju6cojdtb","name":"azure-cli-subscription_level_deploymentjzk2icld7vswju6cojdtb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemollvmbnwp"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:56:27.3298113Z","duration":"PT47.9000572S","correlationId":"63dba97b-1b4c-4090-87de-bf7f150454e9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemollvmbnwp"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgbw4yd2pavusiz6zfwotk","name":"azure-cli-subscription_level_deploymentgbw4yd2pavusiz6zfwotk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploydd7t2xs4rsci67yghg5tkkvur4jgphcusoqee4/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployipxhvtbvjkdvr4p5bm33go2xvrezfmsxb2/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoyc2hhg6d"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:14.9180781Z","duration":"PT45.722277S","correlationId":"4d3e2302-a40f-4eff-87b0-b95f40f8d40e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyc2hhg6d"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentthk3zod2w56nupbuh5eq2","name":"azure-cli-subscription_level_deploymentthk3zod2w56nupbuh5eq2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemon52flbb7"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-18T23:30:19.8798342Z","duration":"PT3.9277986S","correlationId":"45be0a63-c0b6-4296-9e01-7900556aba26","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjip7zuqda2nodmwe4h5di","name":"azure-cli-subscription_level_deploymentjip7zuqda2nodmwe4h5di","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemon52flbb7"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:29:37.182401Z","duration":"PT34.1751283S","correlationId":"6a59b5f3-4cb2-40ce-9e81-3702f8b58726","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemon52flbb7"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/policy_definition_deploy","name":"policy_definition_deploy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6791821466041245512","parameters":{"denyLocation":{"type":"String","value":"northeurope"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:28:33.9420576Z","duration":"PT2.622024S","correlationId":"75c1a498-eb0f-45d1-a333-e01392a61022","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]}]}],"dependencies":[],"outputs":{"policyDefinitionId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test"}},"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/1","name":"1","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment_what_if_template_specsriazzujyuwx6t6hz3jx6xhpdy5p33hxou/providers/Microsoft.Resources/templateSpecs/cli-test-deploy-what-if-sub-deploymd6veyh73elrjfdy6sjvarbf5r/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1669246125929096641","parameters":{"denyLocation":{"type":"String","value":"northeurope"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:27:58.9638937Z","duration":"PT2.2779916S","correlationId":"18aaeb6b-1a52-4b16-82b6-10279b6db102","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]}]}],"dependencies":[],"outputs":{"policyDefinitionId":{"type":"String","value":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test"}},"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvvl26pjs5ycens5jkhk6t","name":"azure-cli-subscription_level_deploymentvvl26pjs5ycens5jkhk6t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploycybqxro7eozgozigbs2xecssvfli45wg7qr2du/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployeu2msxp5iicnqppvptojtahdrdm46qgv4p/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemox6f7jqur"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-03-18T23:27:43.5350769Z","duration":"PT2.5535182S","correlationId":"c9b1ee9f-c7ce-4ed6-aa91-5b1e4f619ad7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbmykrckkp253aosgzjbzt","name":"azure-cli-subscription_level_deploymentbmykrckkp253aosgzjbzt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowgqeod7w"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-18T23:27:11.8410364Z","duration":"PT3.0333865S","correlationId":"f129a879-5dc0-40aa-b535-07ca603ae110","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentozqbvtz2uy3v5tzpjmbwx","name":"azure-cli-subscription_level_deploymentozqbvtz2uy3v5tzpjmbwx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowgqeod7w"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:26:57.0714958Z","duration":"PT30.3196805S","correlationId":"ba518d52-08ca-406e-bbf3-529d9a827692","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowgqeod7w"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7g4pkhbrrp4fo6bqwxjm6","name":"azure-cli-subscription_level_deployment7g4pkhbrrp4fo6bqwxjm6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4okw7cdx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-11T23:14:13.8506034Z","duration":"PT4.0972073S","correlationId":"03f821ee-7812-4ed7-ad2c-cd33590b9e82","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbh5vumo2umghhmqgpmgsz","name":"azure-cli-subscription_level_deploymentbh5vumo2umghhmqgpmgsz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4okw7cdx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-11T23:13:59.6844117Z","duration":"PT30.6532164S","correlationId":"aeed0da7-c7a7-4ec1-bd52-0d52cc924f88","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4okw7cdx"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyxsvltjfhoplmhvjw6ce5","name":"azure-cli-subscription_level_deploymentyxsvltjfhoplmhvjw6ce5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy2i2jkggmtwz47amfjib4m65juogzfjczladegv/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployeigaul74lln3van57esqcfgmetc3yrty33/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoveu5rmz7"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-03-11T23:12:53.102719Z","duration":"PT2.6756522S","correlationId":"9147eb16-b1ff-4616-bb46-224523c02d2b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentivnhbtz654i2ysalyr6tr","name":"azure-cli-subscription_level_deploymentivnhbtz654i2ysalyr6tr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3ahwawuj"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-03-11T23:11:40.6059978Z","duration":"PT5.9386167S","correlationId":"52ac2d60-29a7-4887-9eee-fbb0b94be50e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment535m6s6yvyd62djmpbyz5","name":"azure-cli-subscription_level_deployment535m6s6yvyd62djmpbyz5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3ahwawuj"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-11T23:11:24.1314099Z","duration":"PT31.2480012S","correlationId":"6ac42aad-1746-421a-9683-07d98f35f441","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3ahwawuj"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5fqhvwyiryaw67ygytgzb","name":"azure-cli-subscription_level_deployment5fqhvwyiryaw67ygytgzb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemorv5pvorh"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-04T22:57:46.6431184Z","duration":"PT1.8589609S","correlationId":"b30c6ee1-7705-4e6a-a1e4-7755fa907472","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrdzg4cntp5ic7wxj64egr","name":"azure-cli-subscription_level_deploymentrdzg4cntp5ic7wxj64egr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemorv5pvorh"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-04T22:57:35.4961143Z","duration":"PT30.2309295S","correlationId":"a520ddc0-04a7-4e9b-b910-c58dee02780b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemorv5pvorh"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentctszc54xjr7n2d3wkskdr","name":"azure-cli-subscription_level_deploymentctszc54xjr7n2d3wkskdr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo6rmp7ara"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-04T22:55:15.2209124Z","duration":"PT1.3258759S","correlationId":"afee3c9b-5897-44d6-910e-2a39d4e1d314","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5erugsarqzqhzhnftojpk","name":"azure-cli-subscription_level_deployment5erugsarqzqhzhnftojpk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo6rmp7ara"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-04T22:54:36.6597424Z","duration":"PT32.3767489S","correlationId":"c68a55e7-a299-4e50-9dbd-a39e535bd071","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo6rmp7ara"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentaqozswu7wa4x7ee76my67","name":"azure-cli-subscription_level_deploymentaqozswu7wa4x7ee76my67","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3qhrfnrk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-01T13:41:37.7953662Z","duration":"PT3.7769149S","correlationId":"0aac0c94-d5f9-4708-b496-05d361524478","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentguyro6i6ri5cwxgnlbweu","name":"azure-cli-subscription_level_deploymentguyro6i6ri5cwxgnlbweu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3qhrfnrk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-01T13:40:57.9359231Z","duration":"PT34.9800589S","correlationId":"11fb2149-c9c5-4bb1-a9b2-b8e83073f0e6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3qhrfnrk"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentes7lzaeleqnx5ab753eol","name":"azure-cli-subscription_level_deploymentes7lzaeleqnx5ab753eol","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemogcen6nnt"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-01T13:38:32.9413531Z","duration":"PT3.8066621S","correlationId":"88ba7bb8-ca55-43e0-9916-862eb10e8324","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentl435dqlzx2uxvtu3ypqgc","name":"azure-cli-subscription_level_deploymentl435dqlzx2uxvtu3ypqgc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemogcen6nnt"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-01T13:37:52.0100201Z","duration":"PT34.4967678S","correlationId":"5b338cf4-83d9-460e-a170-c23a8142c59f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemogcen6nnt"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsl2obkgkwjoan47njmk2u","name":"azure-cli-subscription_level_deploymentsl2obkgkwjoan47njmk2u","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemostz7jy5v"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-25T23:47:53.5974926Z","duration":"PT5.0275004S","correlationId":"4c6298f6-087f-4da4-b14b-bb46305829bd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsaflsxag5uglb7n25fxya","name":"azure-cli-subscription_level_deploymentsaflsxag5uglb7n25fxya","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemostz7jy5v"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-25T23:47:13.5052781Z","duration":"PT33.9798173S","correlationId":"7255cb8e-23f0-4cc0-9d60-41d5f2b377d3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemostz7jy5v"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7kaewk57choxefaitigcm","name":"azure-cli-subscription_level_deployment7kaewk57choxefaitigcm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo2yq6rmjx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-25T23:44:51.5611412Z","duration":"PT2.4259503S","correlationId":"ae04c092-52ba-49d0-8195-d7a0d936dc52","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6r364wmnrfttqpykfwpyj","name":"azure-cli-subscription_level_deployment6r364wmnrfttqpykfwpyj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo2yq6rmjx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-25T23:44:39.8784674Z","duration":"PT29.9795323S","correlationId":"1ac522f5-1322-4969-b26c-b4d5de02d9b4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo2yq6rmjx"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentaiqtgltrinvrohzo2ygxd","name":"azure-cli-subscription_level_deploymentaiqtgltrinvrohzo2ygxd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemov2v5b7jx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-24T06:31:06.124648Z","duration":"PT2.0738427S","correlationId":"cae376c6-f562-40eb-aabb-f1673ce74d47","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbwodivemzwnkmqwre2tvw","name":"azure-cli-subscription_level_deploymentbwodivemzwnkmqwre2tvw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemov2v5b7jx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-24T06:30:30.1092015Z","duration":"PT34.7765633S","correlationId":"0856f750-f08b-48c1-bd6f-a1ae7e95a89d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemov2v5b7jx"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment65cgtntn56rq2yslyez6d","name":"azure-cli-subscription_level_deployment65cgtntn56rq2yslyez6d","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployycnx6opz35mx7ddg2m6fafjbwje75ybmiuf6aw/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployfdohmpad673ilzxttgvwh6wawhugbupej6/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemopr6slar7"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-02-24T06:29:05.5222485Z","duration":"PT2.0880845S","correlationId":"99fc971e-74a0-4378-b0bf-1a62e2793f62","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenterece32usbz6a4c5pxr7t","name":"azure-cli-subscription_level_deploymenterece32usbz6a4c5pxr7t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemob7f6t6be"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-24T06:28:05.1890562Z","duration":"PT3.1006894S","correlationId":"13d2d727-b681-46b0-913e-35b10b7a121f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvfi3pl7vm6k7xlode3jft","name":"azure-cli-subscription_level_deploymentvfi3pl7vm6k7xlode3jft","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemob7f6t6be"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-24T06:27:25.3588429Z","duration":"PT32.6017938S","correlationId":"93409f3c-24d4-4a0f-b427-72ca9c021f0a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemob7f6t6be"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentf6bvr6soai62pepsdunpg","name":"azure-cli-subscription_level_deploymentf6bvr6soai62pepsdunpg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemooakg4jut"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-18T23:11:03.1480681Z","duration":"PT1.489349S","correlationId":"6cb20819-d6d9-429c-a578-055dcd97db27","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpuvltrs6lkbt42qpfylq2","name":"azure-cli-subscription_level_deploymentpuvltrs6lkbt42qpfylq2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemooakg4jut"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-18T23:10:50.8356139Z","duration":"PT29.1827513S","correlationId":"a9c4933a-71cc-4686-b7e9-b848eef59bb4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemooakg4jut"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentnhh47en3ct53fbfgqdfij","name":"azure-cli-subscription_level_deploymentnhh47en3ct53fbfgqdfij","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploymrtqlkfdgoue3oxw7uibdskwxi4gmk3caclvay/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployz7hvr3svgi4hxvzvxnqpqqnrxr6tace3us/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoualuj3jx"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-02-18T23:09:58.8008208Z","duration":"PT4.9485239S","correlationId":"361bf03d-646f-444a-95ee-3b8794610b97","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentqvej6jllkhxpl5mbsvpf3","name":"azure-cli-subscription_level_deploymentqvej6jllkhxpl5mbsvpf3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemopzcqesxa"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-18T23:08:31.7304663Z","duration":"PT1.0787754S","correlationId":"f5b5236e-6fd9-4ca4-8438-aeaaa8050907","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentm4a2alip7lj6p52py3mje","name":"azure-cli-subscription_level_deploymentm4a2alip7lj6p52py3mje","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemopzcqesxa"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-18T23:07:56.1765895Z","duration":"PT35.7361517S","correlationId":"2dc42f35-9a17-4bad-abd4-90713a958756","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemopzcqesxa"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentncjyeg3do27w7t7hqh2x3","name":"azure-cli-subscription_level_deploymentncjyeg3do27w7t7hqh2x3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployavdjxb4a3qdwgmsskok4emabs7kbjevisist2l/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploytmwmqd7udsnjnmwh3yfd4d63loh3ed2k3x/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-11T23:07:11.3629808Z","duration":"PT2.8172323S","correlationId":"ed553bac-ce9d-40d5-8552-7a917c4581b5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvilf2edyu3xqcetq7yjzx","name":"azure-cli-subscription_level_deploymentvilf2edyu3xqcetq7yjzx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployavdjxb4a3qdwgmsskok4emabs7kbjevisist2l/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploytmwmqd7udsnjnmwh3yfd4d63loh3ed2k3x/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4zojorav"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-11T23:06:47.620713Z","duration":"PT44.519177S","correlationId":"877c9ea4-0f36-44de-8b2b-f0df91e0174a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4zojorav"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4z3lhqezlbpgv7xyjrfd5","name":"azure-cli-subscription_level_deployment4z3lhqezlbpgv7xyjrfd5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemodpxjozfm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-11T23:04:25.0952618Z","duration":"PT9.2361604S","correlationId":"f692dd33-2355-464a-91d5-e9e408b29631","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodpxjozfm"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment3yhsk4hj5fyeedxvezau3","name":"azure-cli-subscription_level_deployment3yhsk4hj5fyeedxvezau3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemodpxjozfm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-11T23:04:05.712075Z","duration":"PT30.2652028S","correlationId":"419180ab-a88e-4a43-9d21-3c361d9e1460","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodpxjozfm"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/simple-template","name":"simple-template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6178499644389956004","parameters":{"location":{"type":"String","value":"westus"},"name":{"type":"String","value":"azure-cli-deploy-test-nsg1"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-02-09T02:30:11.8918188Z","duration":"PT5.5416356S","correlationId":"59569a02-107c-420b-92ec-67267c1336ee","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"networkSecurityGroups","locations":["westus"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceNotFound","message":"The + Resource ''Microsoft.Network/networkSecurityGroups/azure-cli-deploy-test-nsg1'' + under resource group '''' was not found. For more details please go + to https://aka.ms/ARMResourceNotFoundFix"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/727a3e17-e2b9-4881-84a0-84042d053094","name":"727a3e17-e2b9-4881-84a0-84042d053094","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"9216505373627966963","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"clitest_resourcemover_target_rg"},"rgLocation":{"type":"String","value":"westus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-05T09:58:02.1855557Z","duration":"PT5.9213213S","correlationId":"97485196-ef46-4ee7-9a51-0d889f6bb20c","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/69cb62ae-24cf-4f09-96eb-e47bc5670f7e","name":"69cb62ae-24cf-4f09-96eb-e47bc5670f7e","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"9216505373627966963","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"clitest_resourcemover_target_rg"},"rgLocation":{"type":"String","value":"westus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-05T09:40:04.9570375Z","duration":"PT5.2950777S","correlationId":"a8fdbf15-9988-44ce-9e0f-0b0f4a31c288","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/36cb6879-a861-4a56-a314-18746e34c115","name":"36cb6879-a861-4a56-a314-18746e34c115","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"9216505373627966963","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"clitest_resourcemover_target_rg"},"rgLocation":{"type":"String","value":"westus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-05T08:17:45.8873681Z","duration":"PT4.0700308S","correlationId":"668acb79-f9c4-4afe-a98c-7ddc210f4803","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/3a44a148-1518-4879-9c25-46b4402644a6","name":"3a44a148-1518-4879-9c25-46b4402644a6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"9216505373627966963","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"clitest_resourcemover_target_rg"},"rgLocation":{"type":"String","value":"westus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-05T08:03:35.9602336Z","duration":"PT3.5710188S","correlationId":"9f6d56d4-2ac4-4262-8944-41797ae65886","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5eajmbqj5sfjwb6lvgqbg","name":"azure-cli-subscription_level_deployment5eajmbqj5sfjwb6lvgqbg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployguse6rlx725me3ntekdytjbazi4hywbisbr43r/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployqptykjbmozuqvkyjnuifhzybkeny6hkmr4/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo75apjjt2"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-02-04T22:57:39.6950009Z","duration":"PT4.424808S","correlationId":"a6107b06-de67-4361-bfbd-3bdce92b26a7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkk3ea7i47t7hnl7vcoo6m","name":"azure-cli-subscription_level_deploymentkk3ea7i47t7hnl7vcoo6m","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoqadyz5fw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-04T22:57:02.4275361Z","duration":"PT1.7818075S","correlationId":"8957d087-d914-4ee1-a641-c0d7bfc3d29e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbuh3kbdssoq436hf6glpo","name":"azure-cli-subscription_level_deploymentbuh3kbdssoq436hf6glpo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoqadyz5fw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-04T22:56:25.1024342Z","duration":"PT33.9600751S","correlationId":"92d7432d-68d1-4204-a86a-7088ddc0d5cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoqadyz5fw"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentry77nypkhckiefwlvrtfs","name":"azure-cli-subscription_level_deploymentry77nypkhckiefwlvrtfs","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoy3m6p6ky"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-02-04T22:54:01.5664626Z","duration":"PT1.5642408S","correlationId":"8973d58b-0756-42ff-b6c3-7baa12735e4e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenttzdn3uuw7ertqd3jprdwf","name":"azure-cli-subscription_level_deploymenttzdn3uuw7ertqd3jprdwf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoy3m6p6ky"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-04T22:53:23.4924796Z","duration":"PT33.2962787S","correlationId":"ab420b5f-ff93-4d2d-a5cd-f12456e886ef","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoy3m6p6ky"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/e2ce8961-a81f-4462-aa72-5c898c2c21b2","name":"e2ce8961-a81f-4462-aa72-5c898c2c21b2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7279352615432920602","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"houk-test-westus"},"rgLocation":{"type":"String","value":"westus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-02-04T10:14:57.5551878Z","duration":"PT3.8874357S","correlationId":"ffc5aeaa-52cb-40e4-9763-b88bbe62fcaf","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/houk-test-westus"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentc24fhjdesrbxfvfujv6hf","name":"azure-cli-subscription_level_deploymentc24fhjdesrbxfvfujv6hf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployghcekdvyqrds534ltsowlbdmue5job6qmcoscu/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploys4srabz3g7yjmdun2fzs3ulgfcxikfvkhh/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoenlfirpl"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-01-28T23:40:50.9799407Z","duration":"PT1M6.2329322S","correlationId":"3ea78c1d-4b83-449f-a735-967539b73554","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfbwh2rczdnnqqs5js27dx","name":"azure-cli-subscription_level_deploymentfbwh2rczdnnqqs5js27dx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo7ennxbgg"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-28T23:39:31.8879434Z","duration":"PT32.7588307S","correlationId":"2093ae3a-6224-4850-8850-c212d53eeecc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo7ennxbgg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrjp7p5hmizuw5elancxal","name":"azure-cli-subscription_level_deploymentrjp7p5hmizuw5elancxal","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo7dbnuvtu"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-01-28T23:37:16.7023798Z","duration":"PT12.9330924S","correlationId":"564599ce-84e6-48f2-9e2a-c651856b93d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentecurubo4uct26xf43u7zq","name":"azure-cli-subscription_level_deploymentecurubo4uct26xf43u7zq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo7dbnuvtu"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-28T23:36:32.8220257Z","duration":"PT40.0384728S","correlationId":"755101df-1c8f-4cf1-b465-484d4f992655","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo7dbnuvtu"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentr3gxa4ugjmrijs3kdin37","name":"azure-cli-subscription_level_deploymentr3gxa4ugjmrijs3kdin37","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoigwvidtp"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-22T16:47:46.8517957Z","duration":"PT0.9623311S","correlationId":"71ec83c2-d67e-49c8-b23b-56ac013d3239","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmsiee36b25ac6d2fmavfw","name":"azure-cli-subscription_level_deploymentmsiee36b25ac6d2fmavfw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoigwvidtp"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-22T16:47:11.9808775Z","duration":"PT34.8727525S","correlationId":"88c34b99-cadf-4aba-9621-6bfd0521d866","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoigwvidtp"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta3773k52yiavwqnjz4xv7","name":"azure-cli-subscription_level_deploymenta3773k52yiavwqnjz4xv7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemokrpmri22"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-22T16:44:47.9947657Z","duration":"PT2.4850714S","correlationId":"f1519c52-f2bd-431c-a9f5-50d40d3e8db4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkfilxnwyvqens2tbjg4lc","name":"azure-cli-subscription_level_deploymentkfilxnwyvqens2tbjg4lc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemokrpmri22"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-22T16:44:33.4227134Z","duration":"PT26.971964S","correlationId":"85c5b51f-06c6-4c5b-91f3-75d26eee99f2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemokrpmri22"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentiymrj5gf22sywvg6kkopy","name":"azure-cli-subscription_level_deploymentiymrj5gf22sywvg6kkopy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploywb6uqapn7b4ckifvn5dc5ogpgdu7kwgxzvbr24/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployeqvm2nafbw57hxwfr26vnrjlypc4grx74j/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo64szyozi"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-01-21T23:04:00.394375Z","duration":"PT4.9963564S","correlationId":"78603470-2e98-40e2-b235-587c1601d672","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4d2prqfqqou2qevohyzub","name":"azure-cli-subscription_level_deployment4d2prqfqqou2qevohyzub","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemonrv4dtiv"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-21T23:03:18.6873171Z","duration":"PT0.5356399S","correlationId":"4e787524-8fb1-4006-9761-2c49ad32ca98","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta53wycv5w6lii5oskql6t","name":"azure-cli-subscription_level_deploymenta53wycv5w6lii5oskql6t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemonrv4dtiv"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-21T23:03:07.023763Z","duration":"PT28.8870564S","correlationId":"f7bd8d56-f535-4aee-8984-573193279f21","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemonrv4dtiv"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbm7guspkpfvwkwgqmvwk4","name":"azure-cli-subscription_level_deploymentbm7guspkpfvwkwgqmvwk4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolnrb73jk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-21T23:00:49.2899585Z","duration":"PT0.7911004S","correlationId":"a8089493-08ad-4066-a79e-b931a9c5cebe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentts5riomth4tqep2zaavbt","name":"azure-cli-subscription_level_deploymentts5riomth4tqep2zaavbt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolnrb73jk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-21T23:00:38.8008999Z","duration":"PT29.1100323S","correlationId":"130b804a-4454-4b64-bcb6-2797a5461a96","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolnrb73jk"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/simple_deploy","name":"simple_deploy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5572566982511788950","parameters":{"location":{"type":"String","value":"westus"},"name":{"type":"String","value":"zhoxing-test"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-01-19T02:44:29.9496677Z","duration":"PT7.0085672S","correlationId":"080d1a21-b3b0-4f99-a9b8-8f2039924af4","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"networkSecurityGroups","locations":["westus"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceNotFound","message":"The + Resource ''Microsoft.Network/networkSecurityGroups/zhoxing-test'' under resource + group '''' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta5w3eeewaut7hlb53hjf4","name":"azure-cli-subscription_level_deploymenta5w3eeewaut7hlb53hjf4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy5qtglyzggzw72j5kpqsm6lf6kssrf23zfshlol/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployofifqnwmeyimae7mf6aroqttmgkoo7apit/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoafetnu4n"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2021-01-18T05:52:25.0435199Z","duration":"PT48.5125947S","correlationId":"61bc648d-3e96-40a0-8f28-8b10b1aae08a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsb47h3wn4s5h2l4tibrsk","name":"azure-cli-subscription_level_deploymentsb47h3wn4s5h2l4tibrsk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5haflq2l"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-18T05:49:55.3565865Z","duration":"PT4.0768323S","correlationId":"fabe8c45-b7f7-497d-af4c-31b7079bbcf3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbbfl4ljdjzrjuhc3pvcmw","name":"azure-cli-subscription_level_deploymentbbfl4ljdjzrjuhc3pvcmw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5haflq2l"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-18T05:49:13.2019249Z","duration":"PT32.9362942S","correlationId":"83b5bf27-dd13-44c2-b490-f0844884aec0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5haflq2l"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5mjgdbngqu75xmok5bq23","name":"azure-cli-subscription_level_deployment5mjgdbngqu75xmok5bq23","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploystpn4kzpefnm3j3cjb6cafeqardsaqe2gsncvw/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployfztexqcvnjxkjh62w5b3wgnropwzzgrzx3/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-08T00:50:23.873015Z","duration":"PT2.816452S","correlationId":"ce01216c-a238-4e9e-8ec5-98adaf1845dc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7dl3aetqdrek34ijnomwf","name":"azure-cli-subscription_level_deployment7dl3aetqdrek34ijnomwf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploystpn4kzpefnm3j3cjb6cafeqardsaqe2gsncvw/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployfztexqcvnjxkjh62w5b3wgnropwzzgrzx3/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemontmcqqwe"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-08T00:49:54.6411384Z","duration":"PT38.4813158S","correlationId":"62bd2d25-45f4-4bcb-8a43-e7b5367e393e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemontmcqqwe"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment3garcp6rptsuvphfx46jz","name":"azure-cli-subscription_level_deployment3garcp6rptsuvphfx46jz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoikuwjddw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-01-08T00:48:20.6598932Z","duration":"PT2.6661317S","correlationId":"16427840-d3a6-498c-91cb-176e86fd0a7a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentorbr7rp4obprp2pirpqrh","name":"azure-cli-subscription_level_deploymentorbr7rp4obprp2pirpqrh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoikuwjddw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-01-08T00:47:11.6500123Z","duration":"PT34.1190484S","correlationId":"0c962da4-e19c-44cb-bf1b-71ab238c049b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoikuwjddw"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested","name":"sdktest-subnested","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"6468055941459966983","parameters":{},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-31T23:04:51.6872738Z","duration":"PT29.7833303S","correlationId":"4fcd0292-47df-498b-8f81-dc5dd3a575b5","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["eastus2euap"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py/providers/Microsoft.Storage/storageAccounts/armbuilddemo55wrumcz"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentofdhplv6r57gejj52rtnn","name":"azure-cli-subscription_level_deploymentofdhplv6r57gejj52rtnn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploya3j3umaxk2dsvapjlbcqya3hp5ygryek4gssrq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployd6lhg4cqfwvot2lt7l6huajhcefgmmxupo/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-31T23:03:43.6585738Z","duration":"PT2.5437763S","correlationId":"51490af3-507b-40a3-9c15-7fe3ca0447d1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4koi4aoxktxd4cn4kt5bj","name":"azure-cli-subscription_level_deployment4koi4aoxktxd4cn4kt5bj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploya3j3umaxk2dsvapjlbcqya3hp5ygryek4gssrq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployd6lhg4cqfwvot2lt7l6huajhcefgmmxupo/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemop6tl555d"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-31T23:03:36.988347Z","duration":"PT31.1514586S","correlationId":"87392462-80f4-478e-8cb7-f8a1cff7a155","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemop6tl555d"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentosmvlahyyyh2akjfweyvx","name":"azure-cli-subscription_level_deploymentosmvlahyyyh2akjfweyvx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemogxeuou47"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-31T23:01:35.7085332Z","duration":"PT1M0.3097704S","correlationId":"67ccfedb-abee-40f1-ac67-405118dd3ce5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployments6ily5wirhj42pdjz2fqr","name":"azure-cli-subscription_level_deployments6ily5wirhj42pdjz2fqr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployfoxpvudcjwktvrulkwqyq5ahvoiilztbism647/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploye3yxydc6vxwrflnganrn56iamsjorqjmpr/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-24T22:59:32.6230543Z","duration":"PT12.4536248S","correlationId":"55913071-f121-4b94-a9f6-8086d3e049b9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmp4a2wtjxqpfmz56czkva","name":"azure-cli-subscription_level_deploymentmp4a2wtjxqpfmz56czkva","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployfoxpvudcjwktvrulkwqyq5ahvoiilztbism647/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploye3yxydc6vxwrflnganrn56iamsjorqjmpr/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4tfvxbvb"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-24T22:58:52.9701403Z","duration":"PT37.9993679S","correlationId":"dd0eca23-9d54-44c8-b17e-d02587fb891c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4tfvxbvb"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7cn4iwy72phegmbqsyakj","name":"azure-cli-subscription_level_deployment7cn4iwy72phegmbqsyakj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoqoqzv5j4"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-24T22:56:25.5677004Z","duration":"PT58.5060948S","correlationId":"0adf6f48-4414-4d53-8847-5462d01dd091","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmpc5p6prbrqfrctqiwpyt","name":"azure-cli-subscription_level_deploymentmpc5p6prbrqfrctqiwpyt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy4a5i27xn6hczfbjj5ijlom2wcuzpkz74c7ixpd/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploys3aprmdvvequnv4xbphk4lrt6w54wjniru/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-17T23:23:16.0028373Z","duration":"PT4.0399953S","correlationId":"d1dd353b-2f4f-4182-9e70-e6e0ea133fab","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentj75qxto7dmb5ha5rscf7v","name":"azure-cli-subscription_level_deploymentj75qxto7dmb5ha5rscf7v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy4a5i27xn6hczfbjj5ijlom2wcuzpkz74c7ixpd/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploys3aprmdvvequnv4xbphk4lrt6w54wjniru/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoosk6jhxy"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T23:23:05.7998253Z","duration":"PT29.2929804S","correlationId":"36e54659-15c6-4d06-9b64-ee384e20ddad","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoosk6jhxy"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkjghl6o6qzserbe4luhco","name":"azure-cli-subscription_level_deploymentkjghl6o6qzserbe4luhco","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemojn2hsyfq"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-17T23:19:40.5907308Z","duration":"PT46.3091815S","correlationId":"e00ff55c-ba14-481e-8d93-68545fd99850","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5s3xffz7texhjjl3zctxo","name":"azure-cli-subscription_level_deployment5s3xffz7texhjjl3zctxo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoswigsqfm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-11T00:43:15.4245591Z","duration":"PT4.1898129S","correlationId":"f7acf972-7c7d-486b-90c7-73861954cd52","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment365xevsthlfo3agw4w2aw","name":"azure-cli-subscription_level_deployment365xevsthlfo3agw4w2aw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoswigsqfm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-11T00:42:55.0518188Z","duration":"PT55.1678005S","correlationId":"9881e001-5943-497d-b0fd-450f3ae9ce37","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoswigsqfm"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlcy5filyoktocdfwrzmzu","name":"azure-cli-subscription_level_deploymentlcy5filyoktocdfwrzmzu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemozhwove3l"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-11T00:39:55.3888083Z","duration":"PT6.0913674S","correlationId":"87abc37d-35dd-4599-ac7b-38af38447bc3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthfw4w4mxaptqpurhljr2m","name":"azure-cli-subscription_level_deploymenthfw4w4mxaptqpurhljr2m","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemozhwove3l"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-11T00:39:39.010865Z","duration":"PT31.0649151S","correlationId":"6aa24db5-16f7-4cbc-bf52-e2e56e9a6a2f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemozhwove3l"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcdzkrm54wi3bnpclubcwx","name":"azure-cli-subscription_level_deploymentcdzkrm54wi3bnpclubcwx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployikodmgnfcble6z52o2saombt763ot4r7l7myov/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployu53d73uncl5uwjioz3sa4b2h6ywbasxxoh/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-04T00:37:38.7895577Z","duration":"PT27.7926106S","correlationId":"527d281d-350a-4c51-9264-4773ed741431","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcrslf2t5z3kwnk3wq2t5m","name":"azure-cli-subscription_level_deploymentcrslf2t5z3kwnk3wq2t5m","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployikodmgnfcble6z52o2saombt763ot4r7l7myov/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployu53d73uncl5uwjioz3sa4b2h6ywbasxxoh/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoymaobeem"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-04T00:36:57.4630951Z","duration":"PT51.7115268S","correlationId":"cb751ecd-ef51-4be6-a458-3fc3361b0f15","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoymaobeem"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment54qphxbseofbrelo6hauq","name":"azure-cli-subscription_level_deployment54qphxbseofbrelo6hauq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5oscno67"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-04T00:34:22.2821065Z","duration":"PT1M4.3065746S","correlationId":"b139355c-1224-4231-b376-831c91b96ba5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcjyjptcc7ajvp7eciwsz2","name":"azure-cli-subscription_level_deploymentcjyjptcc7ajvp7eciwsz2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4n5o2if7"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-04T00:33:15.8145885Z","duration":"PT37.6058202S","correlationId":"cdcf23fd-d41e-4ee7-b472-d5fffedae417","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4n5o2if7"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentaxuujddzbylmj7z6svqsg","name":"azure-cli-subscription_level_deploymentaxuujddzbylmj7z6svqsg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxdzhn7gerfgyt4xcacozlfyymgbixfcjncbmlq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployuprghkprfp745mhd4thm5odirijbmzlvqa/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-26T23:26:12.3031503Z","duration":"PT18.1454773S","correlationId":"f577b21d-e9e7-4da0-9aad-3a33a87d7cde","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmhjn2am2agjueduwoyx5b","name":"azure-cli-subscription_level_deploymentmhjn2am2agjueduwoyx5b","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxdzhn7gerfgyt4xcacozlfyymgbixfcjncbmlq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployuprghkprfp745mhd4thm5odirijbmzlvqa/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolow5fkbq"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-26T23:25:47.4098992Z","duration":"PT58.5686589S","correlationId":"9f8ff671-dbc4-4cb6-9f9b-14ee6990027c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolow5fkbq"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentnqa6qmt5ka4nlbi2okmf5","name":"azure-cli-subscription_level_deploymentnqa6qmt5ka4nlbi2okmf5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemonzg37pmi"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-26T23:22:23.0246547Z","duration":"PT5.6109908S","correlationId":"fbdcbe17-6eca-41e7-96a8-ff621c0f91b9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentssup74lwfzu3yqddltfx7","name":"azure-cli-subscription_level_deploymentssup74lwfzu3yqddltfx7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemonzg37pmi"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-26T23:21:54.0546508Z","duration":"PT47.795077S","correlationId":"1c9ebe71-1416-464d-a3c9-f9e1291790fb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemonzg37pmi"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmndeygufyhnynpcuq3wp3","name":"azure-cli-subscription_level_deploymentmndeygufyhnynpcuq3wp3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxi67uur7iwqltny7bdkcjwyfhydbka237tfp55/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployq457af4hnv6zijijvs3mevemhn4exu63cy/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-24T06:51:26.7205605Z","duration":"PT4.245745S","correlationId":"8eed8669-52c2-4b90-899c-5c0a292a0ec8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkzkzoyae2fl7nx6y7npgd","name":"azure-cli-subscription_level_deploymentkzkzoyae2fl7nx6y7npgd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxi67uur7iwqltny7bdkcjwyfhydbka237tfp55/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployq457af4hnv6zijijvs3mevemhn4exu63cy/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemodnlrbatd"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-24T06:50:50.6749935Z","duration":"PT33.0245184S","correlationId":"979f5890-f6a1-402e-8f8e-62095873d5e0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodnlrbatd"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentalsht25mr3ghplhrx73fp","name":"azure-cli-subscription_level_deploymentalsht25mr3ghplhrx73fp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo54wny6lt"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-24T06:47:52.8793837Z","duration":"PT53.5712938S","correlationId":"496a28fa-8d86-4090-b282-f664b55aca44","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentghmtc7ls3zd6bgovkgjbs","name":"azure-cli-subscription_level_deploymentghmtc7ls3zd6bgovkgjbs","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo6oubftpk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-24T06:46:46.6384003Z","duration":"PT41.6437255S","correlationId":"87c33234-a71d-45dd-bd00-0e783414b8be","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo6oubftpk"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvhpgfozzccviianunxr7w","name":"azure-cli-subscription_level_deploymentvhpgfozzccviianunxr7w","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployi3lggtkanbqou6y2wqnuey5qjjfsj3secsk5yo/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy3f2onfnyafoe575e6cf65hkpmv2u7s2kv2/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-20T00:01:54.780589Z","duration":"PT0.6313941S","correlationId":"fadf5e86-6c62-4d0d-8fb1-f139ee7ec539","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwkyu3atkijodw74rmz24f","name":"azure-cli-subscription_level_deploymentwkyu3atkijodw74rmz24f","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployi3lggtkanbqou6y2wqnuey5qjjfsj3secsk5yo/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy3f2onfnyafoe575e6cf65hkpmv2u7s2kv2/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5wwfki4q"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-20T00:01:45.7448182Z","duration":"PT25.4934037S","correlationId":"6a47c7f8-e0f4-4a94-b8f2-91e7f223925b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5wwfki4q"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentd357r7qvhje6h7v557nci","name":"azure-cli-subscription_level_deploymentd357r7qvhje6h7v557nci","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemofyyxgnd6"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-19T23:58:31.2632711Z","duration":"PT42.7818151S","correlationId":"87507c6e-031b-415e-8db5-0d1a653deab4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxx3ni3kzcoqclmlb6daqk","name":"azure-cli-subscription_level_deploymentxx3ni3kzcoqclmlb6daqk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy7sgbciekkgujheezhgrfxbwoi3e2bhk2yxktkv/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy2h35n2bzdflug3h4rlh6avvaxiwohhtzkl/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-12T23:24:58.7889343Z","duration":"PT9.3392592S","correlationId":"46209386-b0ef-4a59-9232-1843782ac29b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment3k5xlbr3xt6r6kjbkfd6k","name":"azure-cli-subscription_level_deployment3k5xlbr3xt6r6kjbkfd6k","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoyfzwpgln"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-12T23:21:54.1601017Z","duration":"PT32.6569263S","correlationId":"a7764e5d-2e18-4d05-93e6-2d8a1e36a3a4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyfzwpgln"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentch5om365jjbndynskuopc","name":"azure-cli-subscription_level_deploymentch5om365jjbndynskuopc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploylceun5igu5y35jsds7nvwwa72fpm7xdbu5cbg7/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployelmz3amdquv5yyurcyuxohlqqskcnnjle4/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-05T23:58:52.9600523Z","duration":"PT2.8388251S","correlationId":"06da9669-3ffc-4bea-b0ef-dd29633e06cb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6lft4hjzz5wvyrxmwqweu","name":"azure-cli-subscription_level_deployment6lft4hjzz5wvyrxmwqweu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4ld4hyfd"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-05T23:57:56.4537948Z","duration":"PT34.2306516S","correlationId":"5d8c07bd-8558-4743-92d0-73d7fca45555","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4ld4hyfd"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentn4ie3myxtdklexbjx7nef","name":"azure-cli-subscription_level_deploymentn4ie3myxtdklexbjx7nef","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoogqghzys"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-05T23:55:34.7551568Z","duration":"PT9.1694025S","correlationId":"7c656ab9-b52e-46eb-bdf8-0f58f043c111","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgei3pk4cfhqrtgqqlnyq7","name":"azure-cli-subscription_level_deploymentgei3pk4cfhqrtgqqlnyq7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoogqghzys"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-05T23:54:47.547438Z","duration":"PT32.4244557S","correlationId":"70821372-4c7c-4f6e-88b9-060646e27128","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoogqghzys"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenti3scje4sogzc3jd33vrtc","name":"azure-cli-subscription_level_deploymenti3scje4sogzc3jd33vrtc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoheaqp4o3"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-03T09:10:42.6509743Z","duration":"PT8.4778665S","correlationId":"c6634a63-40ab-40d6-8133-0b85db1df733","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv5hl7r4v5ixi2f5okuaqx","name":"azure-cli-subscription_level_deploymentv5hl7r4v5ixi2f5okuaqx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoheaqp4o3"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-03T09:09:48.8043634Z","duration":"PT54.2647766S","correlationId":"a724218c-0c59-43cd-81a4-05463eb2ef76","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoheaqp4o3"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbu37uod2ergnut5lbuxtt","name":"azure-cli-subscription_level_deploymentbu37uod2ergnut5lbuxtt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemop7wwbus6"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-03T08:18:05.5897474Z","duration":"PT6.4948901S","correlationId":"406f3cfa-7980-4d7a-9edd-f51c869e1434","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjoj2zkwhlgzav67noj6rj","name":"azure-cli-subscription_level_deploymentjoj2zkwhlgzav67noj6rj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemop7wwbus6"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-03T08:17:11.5981865Z","duration":"PT46.2024706S","correlationId":"a4a6e817-8424-4376-b19c-84347128320d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemop7wwbus6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkrclxk25xu4x45igcyy66","name":"azure-cli-subscription_level_deploymentkrclxk25xu4x45igcyy66","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployyqls2khmkwewmzrxfdqj24vmbppyhj2g7lbnie/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployebfoftqen6znoiprmzsgpxc5po6jfnbn2q/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-03T08:03:44.3335901Z","duration":"PT9.5975126S","correlationId":"43351290-055f-479f-a17f-bba9d79cd8db","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentodwr2nuktauclxbmed7c5","name":"azure-cli-subscription_level_deploymentodwr2nuktauclxbmed7c5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployyqls2khmkwewmzrxfdqj24vmbppyhj2g7lbnie/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployebfoftqen6znoiprmzsgpxc5po6jfnbn2q/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemom64tuqpe"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-03T08:02:58.4603338Z","duration":"PT1M40.5467594S","correlationId":"da8c95de-2a58-47c8-abfa-a576f3e49623","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemom64tuqpe"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmnos7aagj55hk7w4hax2h","name":"azure-cli-subscription_level_deploymentmnos7aagj55hk7w4hax2h","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployqak2hhki6qaifh65th3wuujkqceq3fa5zfklqx/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy5gzmiu5k2lqytyszq5rfv7ugh5ixsfm7il/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-11-01T22:57:22.4520301Z","duration":"PT14.1257832S","correlationId":"f48cdbc1-d1ba-4c50-aaac-d936315e36ac","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentdvlqd53kz6wht32dt65u3","name":"azure-cli-subscription_level_deploymentdvlqd53kz6wht32dt65u3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5t7jh433"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-01T22:54:18.9438245Z","duration":"PT33.0414565S","correlationId":"3f3d9159-1dfc-45d5-92a1-17dac9bf6918","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5t7jh433"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment64mmmergzjvajzskrfmwm","name":"azure-cli-subscription_level_deployment64mmmergzjvajzskrfmwm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo33fdzzrw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-01T22:51:52.9707875Z","duration":"PT1.9569289S","correlationId":"96eee62f-10d1-48c1-b07a-92906e0c2786","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2zybpneoss2psgnepo2rf","name":"azure-cli-subscription_level_deployment2zybpneoss2psgnepo2rf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo33fdzzrw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-01T22:51:41.4927779Z","duration":"PT30.2840155S","correlationId":"9ceccd4c-1425-46f7-8d38-d41108e00b4c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo33fdzzrw"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentupbnagmepymbqex7inayn","name":"azure-cli-subscription_level_deploymentupbnagmepymbqex7inayn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploysw74qwsjcr7tpb4hmvlwjtvf7apcocmnqlegih/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploydzzkw2yndj2mt77e6kecuc6dlv3hkcwfik/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-27T09:43:21.4636514Z","duration":"PT5.5146058S","correlationId":"34f2b289-eb9d-439b-8386-9e562d62b5c7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2375qhyspdl73tzyo5yca","name":"azure-cli-subscription_level_deployment2375qhyspdl73tzyo5yca","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowvkosno6"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-27T09:42:53.7634752Z","duration":"PT7.4232268S","correlationId":"36bc35dc-b798-467c-9f6e-8cb3476e4f7c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyufmjtkyuqwixosfj5xqa","name":"azure-cli-subscription_level_deploymentyufmjtkyuqwixosfj5xqa","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowvkosno6"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T09:42:04.6473494Z","duration":"PT45.8093909S","correlationId":"574f5a56-170f-4eae-a358-b20d44ca3448","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowvkosno6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentomlxwzyxr4to5s4txe4p2","name":"azure-cli-subscription_level_deploymentomlxwzyxr4to5s4txe4p2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolfqs7mn5"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-27T09:39:23.9939273Z","duration":"PT10.9044315S","correlationId":"b49ef8a7-961d-46d2-9dbc-9215a792afad","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpsxkqur3z2bh2ybrs4ikw","name":"azure-cli-subscription_level_deploymentpsxkqur3z2bh2ybrs4ikw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolfqs7mn5"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T09:38:33.4383697Z","duration":"PT59.1903818S","correlationId":"5700e763-0daa-4a70-bd50-4df353dfd9a5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolfqs7mn5"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2vt5vzb6lcyyr5lm7gqjr","name":"azure-cli-subscription_level_deployment2vt5vzb6lcyyr5lm7gqjr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy2eer2mfl3d7wyrm66z2b53xgcjszwnd4u7tcln/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployqpgw3brfm7sofmpgyu5uyeeq33nyw6dszc/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-27T06:41:09.3730194Z","duration":"PT2.5147106S","correlationId":"9d2a5b1e-268e-460c-904e-8aef6e7fba7e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentujgvqefwipzidwp5z3x5x","name":"azure-cli-subscription_level_deploymentujgvqefwipzidwp5z3x5x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemox5wdpv3q"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T06:39:39.853222Z","duration":"PT35.012633S","correlationId":"4a958f4f-ccb8-40e4-a831-48228091ee58","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemox5wdpv3q"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrbia7462bf2zlp5cloquk","name":"azure-cli-subscription_level_deploymentrbia7462bf2zlp5cloquk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowpffmhgc"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-27T06:37:12.8348934Z","duration":"PT3.497277S","correlationId":"9968b91c-7117-4d90-bdf8-3aa3b39cfb57","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentamlqdza42iy7ypapyurpz","name":"azure-cli-subscription_level_deploymentamlqdza42iy7ypapyurpz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemowpffmhgc"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T06:36:32.2485974Z","duration":"PT33.1649548S","correlationId":"218b076b-4506-4f25-8ae1-48f8dfa0d6fd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowpffmhgc"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjokx4la6h26zbs3j5drsh","name":"azure-cli-subscription_level_deploymentjokx4la6h26zbs3j5drsh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemou5am7uov"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-26T08:37:23.3314031Z","duration":"PT49.4113398S","correlationId":"41db4378-6719-4c5a-a3a5-6c84deceeb79","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthkl4nt3ez5jodq4hqxrrm","name":"azure-cli-subscription_level_deploymenthkl4nt3ez5jodq4hqxrrm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoyk2um5dz"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:35:58.0062204Z","duration":"PT42.4853873S","correlationId":"91f21c13-dbcc-4b4b-832a-f409692cc4d2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyk2um5dz"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentckdup764sosxqvof7tgq5","name":"azure-cli-subscription_level_deploymentckdup764sosxqvof7tgq5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoamvso7yw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-26T08:35:27.2598247Z","duration":"PT12.1329579S","correlationId":"f65e44ff-9258-4fdf-8829-3ef5707bb7d5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''10/26/2020 + 8:35:26 AM'' is still active (expiration time is ''11/2/2020 8:35:25 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentafzvn6ltgsnmfha3de4rz","name":"azure-cli-subscription_level_deploymentafzvn6ltgsnmfha3de4rz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemohdnig6at"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:24:57.7263588Z","duration":"PT51.3650992S","correlationId":"9c3d693f-f065-4cc0-9d1c-6975afe7ccbe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemocrf4nkw3"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfdm3urpx6jjwdtvrcez7u","name":"azure-cli-subscription_level_deploymentfdm3urpx6jjwdtvrcez7u","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemocrf4nkw3"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:24:59.680664Z","duration":"PT53.6754822S","correlationId":"91b39b19-5963-4771-a6ec-a8910099896a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemocrf4nkw3"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7y36arzeab35yl2s4vwvh","name":"azure-cli-subscription_level_deployment7y36arzeab35yl2s4vwvh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployf4lwr73bjnx66pljdp77ja4p3o4jjhj7thdxnr/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployn6yvz5y6bsxjdm3ccj4lg4gwp53c4t4tk3/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-23T17:24:22.6517044Z","duration":"PT3.7770103S","correlationId":"9fd525e2-ab02-4a5c-ab34-e6c60d26e954","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlgx2psb3w3qdxd7hh5dz4","name":"azure-cli-subscription_level_deploymentlgx2psb3w3qdxd7hh5dz4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo47kchprs"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-23T17:24:15.7501573Z","duration":"PT31.2634498S","correlationId":"8f59b1e8-a10f-4541-9396-33d1906e32a9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo47kchprs"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfa5a3otuwbstxryiteqa2","name":"azure-cli-subscription_level_deploymentfa5a3otuwbstxryiteqa2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemojggn24ze"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-23T17:21:17.1116337Z","duration":"PT33.2488244S","correlationId":"42b8c398-5c45-404c-a1bb-b322c2268168","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemojggn24ze"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentld23dpiq4xc6lq7blag4a","name":"azure-cli-subscription_level_deploymentld23dpiq4xc6lq7blag4a","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployck3xdvj6zmc3ixy4px3ufras37eovebxbuaxwk/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploys4vwxsbipkw2hxcbsgycvmthtqzjwtdtkj/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-18T17:18:32.6264646Z","duration":"PT10.8177274S","correlationId":"75e34b61-bd1d-46be-b99f-6d1418ace959","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5tzx7y72mzbinbw2x6fq6","name":"azure-cli-subscription_level_deployment5tzx7y72mzbinbw2x6fq6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo4m5ulpzt"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-18T17:16:21.5229853Z","duration":"PT31.2984455S","correlationId":"f4ee9a0c-b6c9-499f-8caf-5f6f81539683","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4m5ulpzt"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentenlagk5oals4asg3ulgfc","name":"azure-cli-subscription_level_deploymentenlagk5oals4asg3ulgfc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemol7khyufg"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-18T17:13:10.7481358Z","duration":"PT32.3788985S","correlationId":"ce792535-a9b8-463b-be27-98c6d22ee99d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemol7khyufg"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentssqgodri6v4ilzvvcnetj","name":"azure-cli-subscription_level_deploymentssqgodri6v4ilzvvcnetj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployx25vpnd7bfhjy76txmzwlftsobxpvya7p3t77l/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployxreg5k6v5p4rw76wvxee4yzul4flr3sj6g/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-16T19:39:36.4410905Z","duration":"PT14.0673884S","correlationId":"a7e188f6-c801-43bd-b6fb-f42a26c7579d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcidgoaabzbgrs5f7elquq","name":"azure-cli-subscription_level_deploymentcidgoaabzbgrs5f7elquq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo2xfu5hxj"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-16T19:37:27.6608433Z","duration":"PT2.8856665S","correlationId":"3496d4ce-2cd5-424d-acd0-a369a9840d08","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenty5vuqjjorrysu6dfrexnz","name":"azure-cli-subscription_level_deploymenty5vuqjjorrysu6dfrexnz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo2xfu5hxj"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-16T19:37:13.7432944Z","duration":"PT29.0826519S","correlationId":"6e17e194-532d-4710-b147-1190a7062995","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo2xfu5hxj"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwn4zmo5uqrqlnbz45ilmc","name":"azure-cli-subscription_level_deploymentwn4zmo5uqrqlnbz45ilmc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoddrounqv"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-16T19:34:43.2881706Z","duration":"PT31.1178768S","correlationId":"bd54aee8-df5b-4398-a0aa-ae64dada6a14","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoddrounqv"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentchbb3jcdmpqzum4nu4ozr","name":"azure-cli-subscription_level_deploymentchbb3jcdmpqzum4nu4ozr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploycjt6oydmunnjvod66tdp4npbxkz6hzb4ylqwhu/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployyb63hletmnu7m46p4aov2mfzjkuigxcsfe/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-14T17:49:51.5184355Z","duration":"PT2.7560328S","correlationId":"1ead031d-3788-41d6-a5fc-51d0f8c21b02","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentdaqu53w4a3sqbkxzprvyo","name":"azure-cli-subscription_level_deploymentdaqu53w4a3sqbkxzprvyo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoageydvor"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-14T17:48:42.0852006Z","duration":"PT34.2981213S","correlationId":"a1a8dccf-00c0-49f4-a203-158aab6636be","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoageydvor"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjtrbjphn2ehd6pncyynxx","name":"azure-cli-subscription_level_deploymentjtrbjphn2ehd6pncyynxx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5hxxlla4"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-14T17:46:15.3115913Z","duration":"PT3.6276385S","correlationId":"7a9e122f-cc0a-4b6a-be0d-683e2d47ab1a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5gi5rpw2xk7t5kfacybvy","name":"azure-cli-subscription_level_deployment5gi5rpw2xk7t5kfacybvy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5hxxlla4"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-14T17:45:36.584888Z","duration":"PT35.57644S","correlationId":"32bcc7db-c199-40e5-a51e-9579f66deba4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5hxxlla4"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxfediungy7gzj4pdqaomr","name":"azure-cli-subscription_level_deploymentxfediungy7gzj4pdqaomr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployhidxuutrvnm3qbskrfrtp6i7ridshpop3ehveu/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy4pk7vetiifyxb6ysdvjpjqzpsrse3pczp6/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-12T13:11:56.6876584Z","duration":"PT3.7316683S","correlationId":"abdd0527-097a-44d1-af43-1ffa0d8e761a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4mv63ibzczkh5oul7mug5","name":"azure-cli-subscription_level_deployment4mv63ibzczkh5oul7mug5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoff3r2fvm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-10-12T13:11:22.5560593Z","duration":"PT11.762181S","correlationId":"e1b1742c-00d8-4562-a619-36fd69154753","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."},{"code":"PolicyDefinitionNotFound","message":"The + policy assignment create request is invalid. The policy definition ''/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2'' + could not be found."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta6p3gqn4wbbagdqfp7tyy","name":"azure-cli-subscription_level_deploymenta6p3gqn4wbbagdqfp7tyy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoff3r2fvm"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-12T13:11:01.2313557Z","duration":"PT30.9251196S","correlationId":"c597ecec-9f6e-48a5-b6be-f232844c0fd6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoff3r2fvm"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentnje74xtvxdj4rivrasbsr","name":"azure-cli-subscription_level_deploymentnje74xtvxdj4rivrasbsr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolhhd5a7s"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-12T13:08:38.6027245Z","duration":"PT4.5416026S","correlationId":"d603ff73-1c6e-4032-873a-22c6b589cf42","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentslp6itj4eskjyvm4a4qgt","name":"azure-cli-subscription_level_deploymentslp6itj4eskjyvm4a4qgt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemolhhd5a7s"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-12T13:07:57.3419099Z","duration":"PT35.0239998S","correlationId":"bcfdb3dd-1dc3-4d00-8cda-a868bd0aeed2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolhhd5a7s"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzvkpzupu4a5jivhinuu55","name":"azure-cli-subscription_level_deploymentzvkpzupu4a5jivhinuu55","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoahur6yn5"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-09-28T17:14:40.0343577Z","duration":"PT3.4401538S","correlationId":"ac3ba6e3-0195-4045-8948-bc24b9a61940","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthb47xnhlldf2rqb2nfpht","name":"azure-cli-subscription_level_deploymenthb47xnhlldf2rqb2nfpht","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoahur6yn5"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-28T17:14:26.4948934Z","duration":"PT31.2277817S","correlationId":"de3ac222-2b71-4ff9-8b51-fd2ef618a867","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoahur6yn5"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5s5g25jgycfe5o7nt6bk2","name":"azure-cli-subscription_level_deployment5s5g25jgycfe5o7nt6bk2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3pdzixnp"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-09-28T17:12:03.4410584Z","duration":"PT3.3627442S","correlationId":"f6a35d1c-c444-47e1-bbf8-eb707eb61cdf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymento2sqcl7fjq7satzpmmzsh","name":"azure-cli-subscription_level_deploymento2sqcl7fjq7satzpmmzsh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo3pdzixnp"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-28T17:11:50.9259137Z","duration":"PT31.4115568S","correlationId":"29f17f56-c4b4-4285-9aac-f278105fd667","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3pdzixnp"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment77wbjmoaj55gqugwy6gey","name":"azure-cli-subscription_level_deployment77wbjmoaj55gqugwy6gey","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoknyeibzk"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-26T15:40:40.452254Z","duration":"PT32.0441099S","correlationId":"cd575747-fd5a-40f1-b866-c62c482d8881","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoknyeibzk"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgctk6t5tirkccxojwfa45","name":"azure-cli-subscription_level_deploymentgctk6t5tirkccxojwfa45","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemopyupncud"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-09-26T15:38:15.6484485Z","duration":"PT3.6907093S","correlationId":"d888916f-da6f-44f3-9796-125ed3d6e4ce","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentldzaesyxpblswqvd6lctn","name":"azure-cli-subscription_level_deploymentldzaesyxpblswqvd6lctn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemopyupncud"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-26T15:37:33.3444058Z","duration":"PT34.7600055S","correlationId":"cc1ca69e-ed92-429e-9edb-f188541e3448","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemopyupncud"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwhnsopj5nfkcehfufoyay","name":"azure-cli-subscription_level_deploymentwhnsopj5nfkcehfufoyay","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemouhciwzba"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-09-25T20:26:35.1586837Z","duration":"PT3.8798388S","correlationId":"05c03fa5-28cf-4c00-bc50-21f6b0cf819a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthx6tdczws2i43r47zjznj","name":"azure-cli-subscription_level_deploymenthx6tdczws2i43r47zjznj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemouhciwzba"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-25T20:25:54.3910017Z","duration":"PT35.4671695S","correlationId":"6c2d82cf-545c-49f7-bc66-cbfc35d816d9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemouhciwzba"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwzts3rw5kfags3nkkknfl","name":"azure-cli-subscription_level_deploymentwzts3rw5kfags3nkkknfl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemos7bfu3lw"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-25T20:22:59.4623502Z","duration":"PT41.2073051S","correlationId":"6b7f0283-cf84-465a-8598-67db0a34ee3b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemos7bfu3lw"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentywainfvizu7juj4q2adbj","name":"azure-cli-subscription_level_deploymentywainfvizu7juj4q2adbj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo5kiuxgc3"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-18T19:42:16.0344667Z","duration":"PT3.5353108S","correlationId":"ec84a4bb-724a-4e06-8a25-4becfb796c33","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''9/18/2020 + 7:42:13 PM'' is still active (expiration time is ''9/25/2020 7:42:12 PM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4nabp3xuz3klmeqcgxpia","name":"azure-cli-subscription_level_deployment4nabp3xuz3klmeqcgxpia","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemooo4f5vk5"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-18T19:42:44.4324159Z","duration":"PT36.2681426S","correlationId":"2cfb0f69-0914-4d22-b0df-48880f585882","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemooo4f5vk5"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvylv65t5bauk7wdrv2f3t","name":"azure-cli-subscription_level_deploymentvylv65t5bauk7wdrv2f3t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemox6nt6rsq"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-15T13:20:51.0354473Z","duration":"PT48.755778S","correlationId":"a46f1c30-c0d3-49a2-a2e8-fbc2b95aeba8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd3751","name":"csmd3751","type":"Microsoft.Resources/deployments","location":"westus","tags":{"tagKey1":"tagValue1"},"properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1803"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-15T01:27:21.4686527Z","duration":"PT48.5308794S","correlationId":"45ccc9df-f97b-4c52-98df-66012e2c05ab","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd8514","name":"csmd8514","type":"Microsoft.Resources/deployments","location":"westus","tags":{"tagKey1":"tagValue1"},"properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1803"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-14T09:53:53.1203438Z","duration":"PT40.8206612S","correlationId":"ff3fff13-926b-4cf3-a090-ed7bb4b6d0e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd700","name":"csmd700","type":"Microsoft.Resources/deployments","location":"westus","tags":{"tagKey1":"tagValue1"},"properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1803"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-14T09:45:08.5594938Z","duration":"PT47.0072844S","correlationId":"17191fe7-f842-4c85-a40d-99ec91b741e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd7541","name":"csmd7541","type":"Microsoft.Resources/deployments","location":"westus","tags":{"tagKey1":"tagValue1"},"properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1803"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-14T09:10:55.4991831Z","duration":"PT38.215079S","correlationId":"2b38e4db-0c10-4fd7-802b-300967fe525c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentnmw4u4bce4hmunfxyjmwy","name":"azure-cli-subscription_level_deploymentnmw4u4bce4hmunfxyjmwy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemor3fiaz7d"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-11T19:34:19.8178186Z","duration":"PT42.5364846S","correlationId":"3a3e3aae-21de-4109-a955-b5be2830fffc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzqs7z75krl4wplejoe7fi","name":"azure-cli-subscription_level_deploymentzqs7z75krl4wplejoe7fi","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-05T03:27:05.3010353Z","duration":"PT38.054792S","correlationId":"bcb74fdd-7856-4757-9f1d-eceda581b54c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkvxkmh6zlzopyhj7re6mi","name":"azure-cli-subscription_level_deploymentkvxkmh6zlzopyhj7re6mi","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-05T03:25:21.8175771Z","duration":"PT35.0120952S","correlationId":"117f19db-3a6c-42b2-b951-a91a43eb6fca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcl37sv2segzmwc332zjok","name":"azure-cli-subscription_level_deploymentcl37sv2segzmwc332zjok","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemog22wkdku"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-04T19:32:03.7445753Z","duration":"PT56.0305039S","correlationId":"2429a077-d982-4027-91b3-0be245ee66de","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentdspbo6jtkseqs6iyl2rh6","name":"azure-cli-subscription_level_deploymentdspbo6jtkseqs6iyl2rh6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-04T15:49:58.694428Z","duration":"PT26.1720373S","correlationId":"b11156a1-27fd-42f5-8d11-240e214d849f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentiunjuzo2q5nvye7fzq3fg","name":"azure-cli-subscription_level_deploymentiunjuzo2q5nvye7fzq3fg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-04T15:48:19.4443577Z","duration":"PT23.1653044S","correlationId":"8f95c5d7-40a9-4cfa-9650-b4e2f31e9988","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmc7fymmgkti6ebt5sy57l","name":"azure-cli-subscription_level_deploymentmc7fymmgkti6ebt5sy57l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-04T14:27:03.321739Z","duration":"PT34.8959494S","correlationId":"4df13def-ee85-4420-90b7-076d73dbe316","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthk44rtanctm2ypagdv6bj","name":"azure-cli-subscription_level_deploymenthk44rtanctm2ypagdv6bj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-09-04T14:25:25.1020305Z","duration":"PT23.3756806S","correlationId":"a8ed28b8-1cfa-48e5-bb6a-e7b161560159","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5v3hwodaw2pi2gaknnzr4","name":"azure-cli-subscription_level_deployment5v3hwodaw2pi2gaknnzr4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-31T08:09:26.7115967Z","duration":"PT11.3639309S","correlationId":"d4277a27-49be-4b25-a34f-544743fe1a24","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentddzfij3ryy6ykq74a3d5c","name":"azure-cli-subscription_level_deploymentddzfij3ryy6ykq74a3d5c","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-31T08:09:27.3474091Z","duration":"PT17.7138724S","correlationId":"f87e6d66-995c-4c4b-99c8-fe368f47f6fe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlzlh2s4ddwkz7mxjr4lql","name":"azure-cli-subscription_level_deploymentlzlh2s4ddwkz7mxjr4lql","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-31T03:52:13.1658489Z","duration":"PT8.402731S","correlationId":"822243a8-f8df-43a1-bb1a-358c46567c2a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvs57w3i7kztjlffzenkqh","name":"azure-cli-subscription_level_deploymentvs57w3i7kztjlffzenkqh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-28T19:32:10.7733789Z","duration":"PT12.4374584S","correlationId":"4d24081c-d91c-4a72-8d27-b8ca77f5de89","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbtyfuuvpvavmggfp7kyyd","name":"azure-cli-subscription_level_deploymentbtyfuuvpvavmggfp7kyyd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-28T19:32:02.7418891Z","duration":"PT10.797868S","correlationId":"9f67da17-0d49-4122-9a65-0ac793a6cf50","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkrzwjt4g6pqpcckkzk5ia","name":"azure-cli-subscription_level_deploymentkrzwjt4g6pqpcckkzk5ia","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemotdv7apam"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-08-28T09:09:32.3326329Z","duration":"PT9.5590931S","correlationId":"17dd9d9e-b24e-47d0-864c-89dfcad5b0cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentszof7w2ssvbn7u2lhpflg","name":"azure-cli-subscription_level_deploymentszof7w2ssvbn7u2lhpflg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemotdv7apam"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-28T09:08:20.0379649Z","duration":"PT1M1.3476761S","correlationId":"54464f60-409f-4738-8011-1fab3e235027","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemotdv7apam"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpurhn3xfrgtbzdcrfbyxi","name":"azure-cli-subscription_level_deploymentpurhn3xfrgtbzdcrfbyxi","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoj7ttfpav"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-08-28T08:26:30.5104426Z","duration":"PT9.5065665S","correlationId":"f86bb0b7-38e3-4988-a136-d16f20147e43","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjs47cmthd7p6ubpely4li","name":"azure-cli-subscription_level_deploymentjs47cmthd7p6ubpely4li","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemoj7ttfpav"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-28T08:25:48.8304143Z","duration":"PT53.8448205S","correlationId":"6b7feda0-99f3-42a0-97de-37c8f839d94b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoj7ttfpav"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzu5uamcbfvq2ayntxffi6","name":"azure-cli-subscription_level_deploymentzu5uamcbfvq2ayntxffi6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-24T14:23:12.4342862Z","duration":"PT15.0369338S","correlationId":"87a8145e-0920-44f8-b39a-76bd448047d4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentnczfa3wzaikg5elwawjlh","name":"azure-cli-subscription_level_deploymentnczfa3wzaikg5elwawjlh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-21T19:31:35.2642053Z","duration":"PT23.9600679S","correlationId":"32a1ff0d-3687-4898-b58b-70d6f2dce76a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlnniaz7txkufok2tbnang","name":"azure-cli-subscription_level_deploymentlnniaz7txkufok2tbnang","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-21T19:29:58.1449034Z","duration":"PT11.3416348S","correlationId":"8273cf30-ceb5-423f-ad82-230a9f3bf55c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkuoyr2ojavt6ondmwfowp","name":"azure-cli-subscription_level_deploymentkuoyr2ojavt6ondmwfowp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-18T11:00:57.3832455Z","duration":"PT2.9646422S","correlationId":"3686de11-761b-4ab7-89a7-161c365f011c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''8/18/2020 + 11:00:56 AM'' is still active (expiration time is ''8/25/2020 11:00:54 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjfa4b5x5n7nlzbbu2sq35","name":"azure-cli-subscription_level_deploymentjfa4b5x5n7nlzbbu2sq35","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-18T11:01:22.6749577Z","duration":"PT33.1443174S","correlationId":"5a0a4dd3-ad23-4724-967a-2890134c3e6e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkwljja43oejah5z5woioo","name":"azure-cli-subscription_level_deploymentkwljja43oejah5z5woioo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-17T07:39:54.339883Z","duration":"PT4.8740856S","correlationId":"bf54e81b-2b54-4cd9-984a-d11ab220d0b1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''8/17/2020 + 7:39:51 AM'' is still active (expiration time is ''8/24/2020 7:39:49 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployments2h5xpgheb2bnerrlisp2","name":"azure-cli-subscription_level_deployments2h5xpgheb2bnerrlisp2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-17T07:40:17.4925876Z","duration":"PT34.7434411S","correlationId":"4e06af9c-be10-4dbd-a694-e85aa9d37066","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentw2rrpu5zhe3g7ifsm3bn5","name":"azure-cli-subscription_level_deploymentw2rrpu5zhe3g7ifsm3bn5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-14T19:47:44.4555794Z","duration":"PT6.2954365S","correlationId":"d0a32af9-049f-4641-a3df-3766cc4b0c01","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''8/14/2020 + 7:47:40 PM'' is still active (expiration time is ''8/21/2020 7:47:39 PM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymente6gzvteka3jvnjbuppe7x","name":"azure-cli-subscription_level_deploymente6gzvteka3jvnjbuppe7x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-14T19:48:28.7376171Z","duration":"PT55.1788356S","correlationId":"d36d4373-b7d1-4a7b-ad0a-f1ade9479764","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentko7syg5on54mnyk7unkia","name":"azure-cli-subscription_level_deploymentko7syg5on54mnyk7unkia","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-14T14:23:02.5755047Z","duration":"PT41.6447632S","correlationId":"1ae40ae1-2d8f-4ae9-ba3c-9f1c44c9df13","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment67oub77gpuw56gld2td3t","name":"azure-cli-subscription_level_deployment67oub77gpuw56gld2td3t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-10T05:20:56.9274126Z","duration":"PT10.012119S","correlationId":"52ffa061-5c19-4a98-9723-141523490bf4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentqvaq4akcq7j6gzqe6bf7g","name":"azure-cli-subscription_level_deploymentqvaq4akcq7j6gzqe6bf7g","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-01T01:13:00.8525995Z","duration":"PT5.0277182S","correlationId":"1e8b980c-21de-4725-9aad-3b77fb6e86f0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''8/1/2020 + 1:12:56 AM'' is still active (expiration time is ''8/8/2020 1:12:55 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6sfm6zbtaqwrlifdbgouu","name":"azure-cli-subscription_level_deployment6sfm6zbtaqwrlifdbgouu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-08-01T01:13:07.8096746Z","duration":"PT16.9965835S","correlationId":"29774699-ec1e-4e76-9a7c-7bce189aedf7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjvcpheyfztcqawjb7sney","name":"azure-cli-subscription_level_deploymentjvcpheyfztcqawjb7sney","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-25T01:19:04.283353Z","duration":"PT9.7172158S","correlationId":"3156bce5-5f49-4901-8286-e93299737074","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."},{"code":"PolicyDefinitionNotFound","message":"The + policy assignment create request is invalid. The policy definition ''/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2'' + could not be found."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment73lfdwunsvnur7wkpnyvg","name":"azure-cli-subscription_level_deployment73lfdwunsvnur7wkpnyvg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-25T01:18:22.0158901Z","duration":"PT38.859889S","correlationId":"56b5ec80-8fb1-4ac7-a941-9d23108e975c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment24adr7vphrnblaboovmib","name":"azure-cli-subscription_level_deployment24adr7vphrnblaboovmib","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-25T01:15:49.6125732Z","duration":"PT3.8989949S","correlationId":"c85a7238-0dc9-43d5-a048-a33692f95ebe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment54xy2jdhbuyg7mnm4ciiw","name":"azure-cli-subscription_level_deployment54xy2jdhbuyg7mnm4ciiw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-25T01:15:11.0769517Z","duration":"PT37.4332934S","correlationId":"63512c1a-36d1-4d37-a999-f9e1c1ec42f0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlf6vi6mpwhgeldo4nck3v","name":"azure-cli-subscription_level_deploymentlf6vi6mpwhgeldo4nck3v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-21T12:36:39.8764162Z","duration":"PT15.2049215S","correlationId":"b205432b-9c6d-438c-bece-173f8ac702cd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5lggfutuntfw5ly6y35by","name":"azure-cli-subscription_level_deployment5lggfutuntfw5ly6y35by","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-21T12:35:15.4060655Z","duration":"PT15.2250874S","correlationId":"819d0d46-7e12-40b7-beca-5ffba787aaa7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment45skfumg5medsp5div5ff","name":"azure-cli-subscription_level_deployment45skfumg5medsp5div5ff","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-18T01:15:29.782849Z","duration":"PT4.9731649S","correlationId":"1414c46b-43cd-4a30-8fd7-5d7e83d1f57d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgs7sfvatdpwp2mttgmabj","name":"azure-cli-subscription_level_deploymentgs7sfvatdpwp2mttgmabj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-18T01:14:53.1821199Z","duration":"PT39.986168S","correlationId":"953c02a4-3558-4e12-be57-f8ac6b4b8e97","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7hyjuyc2gidksqob6rd4t","name":"azure-cli-subscription_level_deployment7hyjuyc2gidksqob6rd4t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-18T01:12:20.1748552Z","duration":"PT3.5616285S","correlationId":"590d15e5-8b6e-4726-952f-c3575f291c08","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6xdmccreoaijqtxgvw3ue","name":"azure-cli-subscription_level_deployment6xdmccreoaijqtxgvw3ue","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-18T01:11:41.4984238Z","duration":"PT35.3309029S","correlationId":"37356d12-177a-4019-8fe3-bccae8bf7de7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5bge4hhhsf4rwxdxfvdhy","name":"azure-cli-subscription_level_deployment5bge4hhhsf4rwxdxfvdhy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-15T16:18:13.158562Z","duration":"PT5.0896017S","correlationId":"4abae151-381e-41ea-9ebd-3be92a135145","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested6'': previous deployment from ''7/15/2020 + 4:18:03 PM'' is still active (expiration time is ''7/22/2020 4:18:01 PM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuy2smi7tpgsqwiwxifuol","name":"azure-cli-subscription_level_deploymentuy2smi7tpgsqwiwxifuol","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-15T16:18:34.6883167Z","duration":"PT38.1736667S","correlationId":"e9fb85b9-7cbb-4559-b674-e2283faa1d23","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6zpneswmgmbajngt6gytt","name":"azure-cli-subscription_level_deployment6zpneswmgmbajngt6gytt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-14T09:28:36.4840355Z","duration":"PT6.1810538S","correlationId":"d184e037-82a1-4f33-b33d-cbaefdabff2d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The - resource group ''cli_tenant_level_deployment'' is in deprovisioning state - and cannot perform this operation."}]}}}]}' + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentntyf7lcqbacmlyyzteiei","name":"azure-cli-subscription_level_deploymentntyf7lcqbacmlyyzteiei","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-14T09:27:59.0873879Z","duration":"PT39.2054954S","correlationId":"1f1a46eb-58fc-4bb3-ba9a-959686ac57c4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentq24r4e6yhza6s23u5post","name":"azure-cli-subscription_level_deploymentq24r4e6yhza6s23u5post","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-14T09:26:22.7265572Z","duration":"PT56.1199921S","correlationId":"20a8859b-e27b-4634-9c7a-f7ae9a7ece99","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymento2azdf3fqxv3cyi2zyfgx","name":"azure-cli-subscription_level_deploymento2azdf3fqxv3cyi2zyfgx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-11T01:18:30.0248125Z","duration":"PT3.0238688S","correlationId":"6111786a-26ea-4207-b2b5-78eb261ba944","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentoty225tribntevn5j46fs","name":"azure-cli-subscription_level_deploymentoty225tribntevn5j46fs","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-11T01:17:46.7282712Z","duration":"PT31.2050304S","correlationId":"218613db-e5df-4d01-8b52-74931afe3bf0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkz2taqiur324fxztfuwp7","name":"azure-cli-subscription_level_deploymentkz2taqiur324fxztfuwp7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-11T01:15:24.4742059Z","duration":"PT0.892084S","correlationId":"3231af6a-efab-446b-b91b-7dea3e98d217","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwo64k5giic4zvgbv3lqxc","name":"azure-cli-subscription_level_deploymentwo64k5giic4zvgbv3lqxc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-11T01:14:57.087343Z","duration":"PT41.7812905S","correlationId":"71160e66-a113-4e31-8748-2f7301208ee1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyvqhppr4e3ndm5vpknevp","name":"azure-cli-subscription_level_deploymentyvqhppr4e3ndm5vpknevp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-04T01:15:07.2904923Z","duration":"PT2.8877533S","correlationId":"3665bb11-b265-495e-839b-260927afa141","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgfcwlr7536i37xhlg3wpc","name":"azure-cli-subscription_level_deploymentgfcwlr7536i37xhlg3wpc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-04T01:14:30.1792929Z","duration":"PT36.3043492S","correlationId":"6f747df4-e893-4b97-ab07-8f2966218b32","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxivmtjgedfuaghfvkhgnw","name":"azure-cli-subscription_level_deploymentxivmtjgedfuaghfvkhgnw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-07-04T01:12:01.8858721Z","duration":"PT3.1437597S","correlationId":"29ead739-3921-4980-b2e6-ced71619fe7a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbg7bzt57n3pb3znbep4cz","name":"azure-cli-subscription_level_deploymentbg7bzt57n3pb3znbep4cz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-07-04T01:11:27.3594183Z","duration":"PT38.601173S","correlationId":"6b2e6ba0-0e27-4cc2-8abe-be77332760fa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentqunur35yt3ehpzbawpaku","name":"azure-cli-subscription_level_deploymentqunur35yt3ehpzbawpaku","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-07-02T16:50:46.3506934Z","duration":"PT47.6937507S","correlationId":"5b355ce3-d84c-43b7-9eaa-344b91ade0ee","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentotsc4xz6itgqemrmtocap","name":"azure-cli-subscription_level_deploymentotsc4xz6itgqemrmtocap","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-05-26T10:35:26.5203853Z","duration":"PT41.9017154S","correlationId":"f651207c-5bd6-4983-862a-ebb0a753f245","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpou4rimmjoz4zptv6lgb6","name":"azure-cli-subscription_level_deploymentpou4rimmjoz4zptv6lgb6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-05-26T10:03:41.3927078Z","duration":"PT6.9040638S","correlationId":"e2b7ec90-68cf-4ef1-bb05-11dc0eca5f1a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxtibmvss7ds24mvau52eu","name":"azure-cli-subscription_level_deploymentxtibmvss7ds24mvau52eu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-05-26T10:02:38.5322293Z","duration":"PT1M5.7028117S","correlationId":"f8c789b7-2233-4c67-acfe-795cd3189ffb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4ijumk4p5aysfpcn5rdrx","name":"azure-cli-subscription_level_deployment4ijumk4p5aysfpcn5rdrx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-15T07:11:30.358518Z","duration":"PT13.1302701S","correlationId":"23ea34ba-0339-49de-aee8-ef9129d29660","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv4vdegmfbmgc37qhyx5fs","name":"azure-cli-subscription_level_deploymentv4vdegmfbmgc37qhyx5fs","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-15T07:10:38.6476468Z","duration":"PT45.337928S","correlationId":"4e448478-7f3c-49ec-b0f9-1899fe7b59e2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2lgsux43acg42bxtqndle","name":"azure-cli-subscription_level_deployment2lgsux43acg42bxtqndle","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-15T06:43:45.9365801Z","duration":"PT8.504352S","correlationId":"181b17b0-4210-40ae-b7a6-c669b46f8cdd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentacetv5z3ugsqi6jal2pf3","name":"azure-cli-subscription_level_deploymentacetv5z3ugsqi6jal2pf3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-15T06:42:51.1979236Z","duration":"PT2M11.2418549S","correlationId":"eaee1853-4fa2-4ddd-82c0-1a726ec539cf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentco6aes3aaulskrn4sbicd","name":"azure-cli-subscription_level_deploymentco6aes3aaulskrn4sbicd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-15T06:35:30.503074Z","duration":"PT1M1.7258408S","correlationId":"df4a4185-426d-4b68-9e34-8489efeaba0f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuz5jafev4qn4m3zd2fbwt","name":"azure-cli-subscription_level_deploymentuz5jafev4qn4m3zd2fbwt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11988132718221257316","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-08T05:32:35.8933682Z","duration":"PT6.3411353S","correlationId":"daa06458-24f6-49f1-8621-a0c2e04aa5d5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested5"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenty42addrvpmrkkjkyt4lpc","name":"azure-cli-subscription_level_deploymenty42addrvpmrkkjkyt4lpc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11988132718221257316","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T05:31:36.9190021Z","duration":"PT1M7.2332434S","correlationId":"6bffc212-c910-4e4e-9b9f-a4ee936c7e39","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested5"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmrhfcrzqyjaqncuxamywc","name":"azure-cli-subscription_level_deploymentmrhfcrzqyjaqncuxamywc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11988132718221257316","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-08T04:50:37.9051532Z","duration":"PT9.331773S","correlationId":"b19fb667-76bd-4c1c-9474-3166cdc4fbf8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested5"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjikgrfeolnbrakxjs2eui","name":"azure-cli-subscription_level_deploymentjikgrfeolnbrakxjs2eui","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11988132718221257316","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-08T04:49:28.1605281Z","duration":"PT6.4507267S","correlationId":"6e00aa79-bfb8-4c72-b83a-18f02b935eee","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested5"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzsmyaxu256s4zfevzuwu2","name":"azure-cli-subscription_level_deploymentzsmyaxu256s4zfevzuwu2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11988132718221257316","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T04:48:55.7968005Z","duration":"PT59.6620052S","correlationId":"10f0f6a3-873a-4b8e-95c9-bf02b23ae002","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested5"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxobge3kknti23qu4eys4l","name":"azure-cli-subscription_level_deploymentxobge3kknti23qu4eys4l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-08T04:43:27.585727Z","duration":"PT1M49.2800052S","correlationId":"97597488-c29a-4308-bfce-a9a79a83bb8b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzsask44kabdpnck4lg5ck","name":"azure-cli-subscription_level_deploymentzsask44kabdpnck4lg5ck","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-08T03:29:01.8073339Z","duration":"PT36.4929135S","correlationId":"477619d2-2b8d-4d85-84e7-b2e3023e7d07","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxhrzaxvobtlyzxfy6g7yz","name":"azure-cli-subscription_level_deploymentxhrzaxvobtlyzxfy6g7yz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-08T02:21:07.5240862Z","duration":"PT30.6866413S","correlationId":"4bb94f96-acb2-4453-9984-15b062387866","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuokevvrrdxlask2pvfowe","name":"azure-cli-subscription_level_deploymentuokevvrrdxlask2pvfowe","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T02:19:48.5501298Z","duration":"PT1M37.640817S","correlationId":"f38b191c-48ae-4614-8257-d217c7d62746","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmohyxhj2545r62ia57ynn","name":"azure-cli-subscription_level_deploymentmohyxhj2545r62ia57ynn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-07T10:08:29.7117645Z","duration":"PT9.0005235S","correlationId":"95b7fa6f-bd91-4b5f-896f-35f053a8073d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenth7vtbk6t5qbfomrtt2zbi","name":"azure-cli-subscription_level_deploymenth7vtbk6t5qbfomrtt2zbi","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-07T10:07:47.2843948Z","duration":"PT50.5957411S","correlationId":"f635b163-24b2-4419-9b48-ee06ee594ca9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv6th2ulv2anxuvif6pxig","name":"azure-cli-subscription_level_deploymentv6th2ulv2anxuvif6pxig","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T05:00:18.7360016Z","duration":"PT2M37.2566618S","correlationId":"a910e357-bb6e-484a-b4c5-b24b74015965","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyvq23vdkvlxsykalpvfba","name":"azure-cli-subscription_level_deploymentyvq23vdkvlxsykalpvfba","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T04:02:32.9606413Z","duration":"PT1M16.5783883S","correlationId":"a3ec32c3-08bc-43a6-86f5-8c888bed1a40","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsftahh2gosfv6im2b3d24","name":"azure-cli-subscription_level_deploymentsftahh2gosfv6im2b3d24","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T03:56:41.4131431Z","duration":"PT1M55.7016047S","correlationId":"dc625047-c6d2-402b-8b61-5230550b910f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbbp5b7lno4nb3zntusljp","name":"azure-cli-subscription_level_deploymentbbp5b7lno4nb3zntusljp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"418421955430290883","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T03:54:25.3007197Z","duration":"PT1M49.5323412S","correlationId":"2aa43124-6e6e-4fc1-9033-af2f28b8e484","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested4"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymente7exsuyyqaaa5ckx3xasw","name":"azure-cli-subscription_level_deploymente7exsuyyqaaa5ckx3xasw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-03T03:45:34.8463202Z","duration":"PT11.2063554S","correlationId":"70a59cda-95a9-4e35-90d4-8b48d2c11627","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested3'': previous deployment from ''4/3/2020 + 3:45:34 AM'' is still active (expiration time is ''4/10/2020 3:45:29 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2bdvipler5d2eaq7xs72i","name":"azure-cli-subscription_level_deployment2bdvipler5d2eaq7xs72i","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T03:45:53.7898261Z","duration":"PT39.3899081S","correlationId":"6429126c-3e88-4e5d-8699-e93f38ed11f0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv2bz5wtzmn2fm64e3xcuf","name":"azure-cli-subscription_level_deploymentv2bz5wtzmn2fm64e3xcuf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T03:44:52.0062377Z","duration":"PT1M16.9524018S","correlationId":"94f39d07-7ed9-4418-bb9d-298ba37896df","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenth5sic3gxdwcw7aurayd3n","name":"azure-cli-subscription_level_deploymenth5sic3gxdwcw7aurayd3n","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-03T03:07:26.8636099Z","duration":"PT1M44.6396682S","correlationId":"f1c3db0b-dcbb-4d72-ba28-90df19dbd4fe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/zhoxing-test","name":"zhoxing-test","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"18214098974183646216","parameters":{"location":{"type":"String","value":"westus"},"name":{"type":"String","value":"azure-cli-deploy-test-nsg1"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-04-01T09:35:13.9644129Z","duration":"PT7.9083541S","correlationId":"9ff003b4-7d84-4cec-8ff3-8a1dabaf0f73","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"networkSecurityGroups","locations":["westus"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceNotFound","message":"The + Resource ''Microsoft.Network/networkSecurityGroups/azure-cli-deploy-test-nsg1'' + under resource group '''' was not found."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2mgliofjcdscllog3qlb7","name":"azure-cli-subscription_level_deployment2mgliofjcdscllog3qlb7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-18T03:43:16.6752107Z","duration":"PT2M8.0000393S","correlationId":"8c9c95c2-0245-430a-8a95-9f93a9a0472d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2egmp5fntu34jbg7h62hl","name":"azure-cli-subscription_level_deployment2egmp5fntu34jbg7h62hl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-18T03:31:14.0970699Z","duration":"PT2M25.2416658S","correlationId":"c7f01194-cfaf-4e29-b3f2-f767c4551f14","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentb5axkymhbyfaymja4oojc","name":"azure-cli-subscription_level_deploymentb5axkymhbyfaymja4oojc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-18T03:26:34.1610109Z","duration":"PT22.9907412S","correlationId":"2448f19f-ac70-41b4-af99-4a9e95f8cdd9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceGroupBeingDeleted","message":"The + resource group ''cli_test_subscription_level_deployment'' is in deprovisioning + state and cannot perform this operation."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjhqy6kk6d5rayzyrnxwgz","name":"azure-cli-subscription_level_deploymentjhqy6kk6d5rayzyrnxwgz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12156591585820873159","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-18T03:24:14.6191082Z","duration":"PT1M26.7430068S","correlationId":"59a0788b-42ca-4202-b8d4-7b3c4267b7a1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymente7c7ddmzlxwl232m4tkcr","name":"azure-cli-subscription_level_deploymente7c7ddmzlxwl232m4tkcr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-05T07:45:34.9551207Z","duration":"PT1M39.0562748S","correlationId":"d9e2389f-4c15-456b-b3c9-a1dec46ee014","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested3'': previous deployment from ''3/5/2020 + 7:45:18 AM'' is still active (expiration time is ''3/12/2020 7:45:17 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentipde54efyh5zcwzs4w755","name":"azure-cli-subscription_level_deploymentipde54efyh5zcwzs4w755","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-05T07:46:44.396617Z","duration":"PT3M10.5282895S","correlationId":"8a379a8f-6084-4759-8336-e0756517a903","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2lv6omcdqanzy2udxgtye","name":"azure-cli-subscription_level_deployment2lv6omcdqanzy2udxgtye","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-04T16:03:39.2858189Z","duration":"PT3M29.7007437S","correlationId":"ba0eca1d-9636-4a69-ab7f-515691c355f4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7oilx3sfxhvqxp2w2upmz","name":"azure-cli-subscription_level_deployment7oilx3sfxhvqxp2w2upmz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18221"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-04T13:59:35.0226259Z","duration":"PT2M28.41037S","correlationId":"ade1e2d5-c2f8-4a05-a9cb-0dd2162870bd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4hyk3wxxbwrrlkxtplkvz","name":"azure-cli-subscription_level_deployment4hyk3wxxbwrrlkxtplkvz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18224"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T13:38:40.9692554Z","duration":"PT1M2.5547257S","correlationId":"a68f15d5-eb6f-4bc9-9da0-b8915c011887","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested3'': previous deployment from ''3/4/2020 + 1:38:11 PM'' is still active (expiration time is ''3/11/2020 1:37:50 PM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentewzabsj3grdksbjcluzgn","name":"azure-cli-subscription_level_deploymentewzabsj3grdksbjcluzgn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18224"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-04T13:38:52.678036Z","duration":"PT2M23.2895434S","correlationId":"b238c172-bfd7-4161-9039-23ad90c92386","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18224"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentemgk7bur7h3pngvml55ph","name":"azure-cli-subscription_level_deploymentemgk7bur7h3pngvml55ph","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo18223"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-04T13:32:02.6178791Z","duration":"PT2M30.6506289S","correlationId":"ceb034eb-715a-4120-992b-a1da22763016","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18223"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbxh3jatf73jc3dpaerwry","name":"azure-cli-subscription_level_deploymentbxh3jatf73jc3dpaerwry","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1822"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T13:25:39.7791694Z","duration":"PT1M51.0569228S","correlationId":"bf1cae1b-7c98-45b9-ab1b-ab071627286f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment63wutnd4dwdtddy43eqtk","name":"azure-cli-subscription_level_deployment63wutnd4dwdtddy43eqtk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T13:20:28.5578432Z","duration":"PT3M7.041017S","correlationId":"0ec5d802-d34e-4ff4-ac88-dda8487cf9d3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuae4cfn2uyaveezargupv","name":"azure-cli-subscription_level_deploymentuae4cfn2uyaveezargupv","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T13:10:29.5542008Z","duration":"PT55.5599986S","correlationId":"ad9cbde9-d568-4204-b460-7f7b26afb6f7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested3'': previous deployment from ''3/4/2020 + 1:09:56 PM'' is still active (expiration time is ''3/11/2020 1:09:55 PM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentz3l73i54djuyjhm7i3z6l","name":"azure-cli-subscription_level_deploymentz3l73i54djuyjhm7i3z6l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T13:11:40.3390274Z","duration":"PT2M15.2512531S","correlationId":"5c799890-e10b-4239-b3e0-ee1b116b6c42","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenth6yx7fnfqutnvlgisxs2b","name":"azure-cli-subscription_level_deploymenth6yx7fnfqutnvlgisxs2b","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T12:34:17.6484286Z","duration":"PT2M15.7717081S","correlationId":"ce197356-1944-4c79-b67d-4f20def8154d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyd2rmwdvgdb3ybtr2stnk","name":"azure-cli-subscription_level_deploymentyd2rmwdvgdb3ybtr2stnk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T12:22:39.384384Z","duration":"PT2M52.5128963S","correlationId":"4f1a3c4a-78fc-4de5-b43c-dacc20b0bef5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv5ctehwbdse7bj7f37y32","name":"azure-cli-subscription_level_deploymentv5ctehwbdse7bj7f37y32","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T12:22:37.946603Z","duration":"PT3M32.5298139S","correlationId":"f8471ecc-dcc1-4e8e-9055-60a1d88a4ecb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwkhrnuqkghx4t235xzzew","name":"azure-cli-subscription_level_deploymentwkhrnuqkghx4t235xzzew","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T11:33:41.9967824Z","duration":"PT1M0.8929715S","correlationId":"9647593e-bfec-47c0-ac1c-a8ab64b2ee69","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested3'': previous deployment from ''3/4/2020 + 11:33:14 AM'' is still active (expiration time is ''3/11/2020 11:33:10 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwmogwstoamy65d6xrlfuc","name":"azure-cli-subscription_level_deploymentwmogwstoamy65d6xrlfuc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15484027130492544714","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T12:22:56.5357584Z","duration":"PT50M15.7638235S","correlationId":"2dc52ca6-de37-48f1-982e-af3232f5e9c1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested3"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta6aqqknwkr52kj4ljl265","name":"azure-cli-subscription_level_deploymenta6aqqknwkr52kj4ljl265","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"2930425936176721169","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T11:30:11.5494573Z","duration":"PT1M27.5317097S","correlationId":"4bd3303b-2bf5-4601-bd99-55dc17a3b9aa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested2","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested2"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfrvzzndphru5puf5kyvyx","name":"azure-cli-subscription_level_deploymentfrvzzndphru5puf5kyvyx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"2930425936176721169","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T11:29:58.7117879Z","duration":"PT1M16.8274313S","correlationId":"cb71fcd2-2bab-4cc6-bb9d-05aba69d84dc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested2","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested2"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested2'': previous deployment from ''3/4/2020 + 11:29:14 AM'' is still active (expiration time is ''3/11/2020 11:29:13 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6rum7gxwsarxahiavym2p","name":"azure-cli-subscription_level_deployment6rum7gxwsarxahiavym2p","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T11:15:06.3378474Z","duration":"PT29.0039632S","correlationId":"b44471d2-9472-4ba0-948a-69852d44a17c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested'': previous deployment from ''3/4/2020 + 11:14:58 AM'' is still active (expiration time is ''3/11/2020 11:14:58 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrhug4m5km6x4btmtiijuc","name":"azure-cli-subscription_level_deploymentrhug4m5km6x4btmtiijuc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T11:16:04.8739131Z","duration":"PT1M33.2822896S","correlationId":"627781f5-786a-41ca-bd8f-7004a25a691e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmswgcmlhioz6qhouzgbnm","name":"azure-cli-subscription_level_deploymentmswgcmlhioz6qhouzgbnm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T09:19:50.8306607Z","duration":"PT1M43.9651516S","correlationId":"5c97cd68-be12-47e9-a261-05073d15f1b6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyz3zj34pffia3pxcdtypb","name":"azure-cli-subscription_level_deploymentyz3zj34pffia3pxcdtypb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T09:19:10.9154212Z","duration":"PT1M11.2968135S","correlationId":"ae2409a7-e684-4095-a567-63023b94521e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested'': previous deployment from ''3/4/2020 + 9:18:37 AM'' is still active (expiration time is ''3/11/2020 9:18:36 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentz4yyli3u45yft7orknoq2","name":"azure-cli-subscription_level_deploymentz4yyli3u45yft7orknoq2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13219608417334126964","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T09:11:39.9979897Z","duration":"PT27.8896664S","correlationId":"41c6fbab-793a-4fc6-9b68-f0adc2b56a42","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested2","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested2"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested2'': previous deployment from ''3/4/2020 + 9:11:32 AM'' is still active (expiration time is ''3/11/2020 9:11:31 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentl6v2tct46agmpludg37nc","name":"azure-cli-subscription_level_deploymentl6v2tct46agmpludg37nc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13219608417334126964","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T09:12:37.6404966Z","duration":"PT1M39.4905182S","correlationId":"4f817eab-cb37-4f7b-8dfd-c0d4472afcf4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested2","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested2"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentitceqeip65r3qkduj3ewd","name":"azure-cli-subscription_level_deploymentitceqeip65r3qkduj3ewd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8916804597543255573","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T08:59:53.8398458Z","duration":"PT2M35.157681S","correlationId":"3cba1f96-b012-4eaf-856e-3d4b50ef178e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": + \"Canceled\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": + \"The resource operation completed with terminal provisioning state ''Canceled''.\"\r\n }\r\n}"}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbhr55hzn3entp363oxwt5","name":"azure-cli-subscription_level_deploymentbhr55hzn3entp363oxwt5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8916804597543255573","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T08:58:30.8739009Z","duration":"PT1M14.2378684S","correlationId":"25797c13-008d-4803-9096-b1dd49fee77d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentActive","message":"Unable + to edit or replace deployment ''rg-nested'': previous deployment from ''3/4/2020 + 8:58:25 AM'' is still active (expiration time is ''3/11/2020 8:58:24 AM''). + Please see https://aka.ms/arm-deploy for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentubpktg5dzkoiklz4zavct","name":"azure-cli-subscription_level_deploymentubpktg5dzkoiklz4zavct","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T08:50:55.1709778Z","duration":"PT2M15.5083737S","correlationId":"1d7698f1-893a-406e-a426-50d98a077c65","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcqnsont7dc62x4wmrpp43","name":"azure-cli-subscription_level_deploymentcqnsont7dc62x4wmrpp43","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11347955602474098746","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1821"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-03-04T08:51:02.2135575Z","duration":"PT2M22.6328493S","correlationId":"a3353467-434e-4d92-a0b0-19b23e3e78f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested"}],"error":{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At + least one resource deployment operation failed. Please list deployment operations + for details. Please see https://aka.ms/DeployOperations for usage details."}]}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-parametersploymenthmxm57ur254xtzpcyvdqii","name":"azure-cli-sub-level-parametersploymenthmxm57ur254xtzpcyvdqii","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11027062374577539273","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-02-20T11:56:50.4004282Z","duration":"PT49.4913139S","correlationId":"1935fdba-6ff6-49ff-812f-790121d19277","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-parametersploymentgehmucl4rvwm2eyejciwff","name":"azure-cli-sub-level-parametersploymentgehmucl4rvwm2eyejciwff","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"11027062374577539273","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-02-20T11:52:20.8694248Z","duration":"PT2M13.6605864S","correlationId":"f6db6de9-5c0b-4b8d-be0a-8131a9797e41","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azuredeploy","name":"azuredeploy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"12355051252284347413","parameters":{},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-01-19T02:10:16.9396307Z","duration":"PT7.2726623S","correlationId":"70bd0210-5251-4197-aea6-58d37fe47a9c","providers":[],"dependencies":[],"outputs":{},"outputResources":[]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/PS-SimpleBlueprintDefinition","name":"PS-SimpleBlueprintDefinition","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"15210439517227196476","parameters":{},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-02-25T22:16:53.2851897Z","duration":"PT15.2258878S","correlationId":"c876d422-d25e-432c-8894-0360de146e27","providers":[{"namespace":"Microsoft.Blueprint","resourceTypes":[{"resourceType":"blueprints","locations":[null]},{"resourceType":"blueprints/versions","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition","resourceType":"Microsoft.Blueprint/blueprints","resourceName":"PS-SimpleBlueprintDefinition"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition/versions/v1","resourceType":"Microsoft.Blueprint/blueprints/versions","resourceName":"PS-SimpleBlueprintDefinition/v1"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition/versions/v1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/PS-SimpleBlueprint","name":"PS-SimpleBlueprint","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"1748951007796543009","parameters":{},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-02-25T22:10:02.2696877Z","duration":"PT18.1526746S","correlationId":"ea58b179-ccd8-4a54-bb60-16fab3d1a3a8","providers":[{"namespace":"Microsoft.Blueprint","resourceTypes":[{"resourceType":"blueprints","locations":[null]},{"resourceType":"blueprints/versions","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint","resourceType":"Microsoft.Blueprint/blueprints","resourceName":"PS-SimpleBlueprint"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint/versions/v1","resourceType":"Microsoft.Blueprint/blueprints/versions","resourceName":"PS-SimpleBlueprint/v1"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint/versions/v1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenti7d65nxm3t","name":"azure-cli-sub-level-deploymenti7d65nxm3t","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-12T06:50:15.4230349Z","duration":"PT44.6818179S","correlationId":"fe33450e-83fa-4592-842e-054d6a817a30","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcjv5npvl4l","name":"azure-cli-sub-level-deploymentcjv5npvl4l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-11T06:47:41.7368215Z","duration":"PT28.5732397S","correlationId":"73583652-1870-4893-b580-f25b64615be6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentza6vygg3la","name":"azure-cli-sub-level-deploymentza6vygg3la","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-10T06:48:36.4510764Z","duration":"PT47.7938165S","correlationId":"0d2d7f66-dba8-4962-b7fc-75530469373c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentusj6ztwcof","name":"azure-cli-sub-level-deploymentusj6ztwcof","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-09T06:48:21.2908079Z","duration":"PT19.7544924S","correlationId":"6e9957c9-1ad6-4e7e-bfc3-6267f3668fdf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttyrue4amsp","name":"azure-cli-sub-level-deploymenttyrue4amsp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-08T06:49:47.6352578Z","duration":"PT39.8629146S","correlationId":"e430bcb5-6a45-4671-aebf-2eaa4221456c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymento62gv3hid6","name":"azure-cli-sub-level-deploymento62gv3hid6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-05T06:52:40.9250878Z","duration":"PT23.9253758S","correlationId":"5d34f77f-2e01-480a-9a5e-515a6eb273b0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentpnpnozhakz","name":"azure-cli-sub-level-deploymentpnpnozhakz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-04T06:48:35.445234Z","duration":"PT15.1739397S","correlationId":"7ab8b6a2-d3fb-49b9-9d5a-c07b6d762cc8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlnwmaa3ze5","name":"azure-cli-sub-level-deploymentlnwmaa3ze5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-03T06:51:43.300224Z","duration":"PT38.3051879S","correlationId":"2831bf49-d1ce-4079-8e3f-17bccbe0422a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsissuasqxe","name":"azure-cli-sub-level-deploymentsissuasqxe","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-02T06:45:39.0982672Z","duration":"PT20.9519184S","correlationId":"2d05e491-c50e-453c-8f8c-f8fc4dd343e9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzm4di66nja","name":"azure-cli-sub-level-deploymentzm4di66nja","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2019-01-01T06:47:40.377996Z","duration":"PT55.4858159S","correlationId":"69a3ff48-6324-49ec-a6dd-1ead68ebc7e8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2yle5khexf","name":"azure-cli-sub-level-deployment2yle5khexf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-29T06:47:59.8655323Z","duration":"PT53.6236685S","correlationId":"7bb3a203-c511-4647-a430-d3606266d7df","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkhzsirwvrb","name":"azure-cli-sub-level-deploymentkhzsirwvrb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-28T06:48:06.1877844Z","duration":"PT23.4869331S","correlationId":"797f952f-3746-474f-9996-27c0f260ee6b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentyomx2vyroy","name":"azure-cli-sub-level-deploymentyomx2vyroy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-27T06:51:26.621804Z","duration":"PT52.2258559S","correlationId":"a71fb5af-8c60-477c-a092-e02c7f806da4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment7gyhguqrsl","name":"azure-cli-sub-level-deployment7gyhguqrsl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-26T06:49:48.4697615Z","duration":"PT27.8042956S","correlationId":"db456762-a0c2-4029-8e1d-ff96c44a88c6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment7kmpk54kh5","name":"azure-cli-sub-level-deployment7kmpk54kh5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-25T06:49:34.8281707Z","duration":"PT49.1259625S","correlationId":"6d73a25f-480b-49e5-bd0e-b77d012d254f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentabdqpmkgkh","name":"azure-cli-sub-level-deploymentabdqpmkgkh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-22T06:49:19.0744339Z","duration":"PT45.5726481S","correlationId":"edcb5a76-f276-4e5a-acc7-7271792a1b8a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment76ntcpnkil","name":"azure-cli-sub-level-deployment76ntcpnkil","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-21T06:51:24.7881961Z","duration":"PT1M7.5710523S","correlationId":"4c655ad4-140b-4026-bff3-d590be6168b1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttm2i4gmzgy","name":"azure-cli-sub-level-deploymenttm2i4gmzgy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-20T06:48:52.680939Z","duration":"PT57.8149837S","correlationId":"a4b430c8-b998-440a-ae72-23ef472f698e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlzvp3pmyhn","name":"azure-cli-sub-level-deploymentlzvp3pmyhn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-18T06:49:10.9340289Z","duration":"PT48.1623275S","correlationId":"29240ba6-0e05-42a3-9b75-281a64f704c8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkjycb6aqpr","name":"azure-cli-sub-level-deploymentkjycb6aqpr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-15T06:49:28.0655727Z","duration":"PT19.7231992S","correlationId":"5bb75b1f-03c0-4194-90f8-99a220c95f9b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlbvb2wi2xh","name":"azure-cli-sub-level-deploymentlbvb2wi2xh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-14T06:49:38.4395168Z","duration":"PT21.1646064S","correlationId":"24d0ec50-015e-4a52-99a0-b789e1a211e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentumilqewj47","name":"azure-cli-sub-level-deploymentumilqewj47","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-13T06:48:22.5537874Z","duration":"PT46.7762391S","correlationId":"f0724e6f-a023-4c0d-b248-49d92cfd64bd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbmrq2xg4fp","name":"azure-cli-sub-level-deploymentbmrq2xg4fp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-12T06:49:47.1418295Z","duration":"PT21.7891671S","correlationId":"2d53019e-fac5-49f1-a779-e3fc0e891a77","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6adnri7b5v","name":"azure-cli-sub-level-deployment6adnri7b5v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-11T06:47:40.1991064Z","duration":"PT39.2368339S","correlationId":"776070eb-ef8f-4d62-b232-38be044f6607","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentxy26cq24q3","name":"azure-cli-sub-level-deploymentxy26cq24q3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-08T06:47:44.1940826Z","duration":"PT54.3428216S","correlationId":"f2ed708b-727f-4ec2-8ce7-bab46cb485b1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsgmhgi2rph","name":"azure-cli-sub-level-deploymentsgmhgi2rph","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-07T06:55:32.0052896Z","duration":"PT18.4907246S","correlationId":"47d7fc91-a4fa-4c39-b40c-47196c3e6fe4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment4jggtwgj65","name":"azure-cli-sub-level-deployment4jggtwgj65","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-06T06:50:34.0727401Z","duration":"PT46.0817096S","correlationId":"c51bafe2-95fb-4ec0-a680-aa9b5d9888de","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjyfvnevxfk","name":"azure-cli-sub-level-deploymentjyfvnevxfk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-05T06:48:00.3703164Z","duration":"PT22.5787305S","correlationId":"6e462015-4541-42f3-ad8a-c5b3231c013e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentherzbpxbwa","name":"azure-cli-sub-level-deploymentherzbpxbwa","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-04T06:48:41.9665699Z","duration":"PT45.3184878S","correlationId":"aaa363df-6fd7-4d3a-9c95-a03f45a40b84","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3upq4x7nal","name":"azure-cli-sub-level-deployment3upq4x7nal","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-12-01T06:54:59.5692621Z","duration":"PT1M2.8673681S","correlationId":"77617ff1-fbb0-4b8c-bc27-a72d8bd19692","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmajzywuipg","name":"azure-cli-sub-level-deploymentmajzywuipg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-29T06:49:56.1355228Z","duration":"PT18.5586711S","correlationId":"0135a894-49ec-486f-94d7-e049f6835d92","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthzu75ehotl","name":"azure-cli-sub-level-deploymenthzu75ehotl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-28T06:54:31.3636196Z","duration":"PT21.7646735S","correlationId":"d0409a6f-f9d2-4821-8bfc-35569cb26c07","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcixag76wpi","name":"azure-cli-sub-level-deploymentcixag76wpi","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-28T06:47:54.4819102Z","duration":"PT49.5990759S","correlationId":"00fcbf8c-9799-43c4-a5e1-6fb323943d3c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzdomzmaunj","name":"azure-cli-sub-level-deploymentzdomzmaunj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-24T06:46:18.3575714Z","duration":"PT21.2638784S","correlationId":"a3abd118-c028-46fa-b35b-f8d72a9e28e7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbdmygd55ui","name":"azure-cli-sub-level-deploymentbdmygd55ui","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-23T06:51:26.8493783Z","duration":"PT38.3730282S","correlationId":"56862b0b-92d8-49a6-8857-d73702b3ae04","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentvqjmyojnoh","name":"azure-cli-sub-level-deploymentvqjmyojnoh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-22T06:47:58.6499457Z","duration":"PT19.2389777S","correlationId":"8f6d4bec-43ae-4a04-a010-7fad3c93c1d1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentanqbwjidmd","name":"azure-cli-sub-level-deploymentanqbwjidmd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-21T06:50:16.3587706Z","duration":"PT42.2312927S","correlationId":"275c4e6a-9263-40ac-aec0-c35c42372115","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentutoohbrsg2","name":"azure-cli-sub-level-deploymentutoohbrsg2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-17T06:51:40.7433949Z","duration":"PT46.3913841S","correlationId":"426a2189-1559-4f3b-af8c-1c0f22a9df80","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbmssoycrel","name":"azure-cli-sub-level-deploymentbmssoycrel","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-16T06:50:38.0685171Z","duration":"PT22.5914351S","correlationId":"8ddca7a0-09b6-4514-9f00-96f2396016c8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthmmkdzlyly","name":"azure-cli-sub-level-deploymenthmmkdzlyly","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-15T06:49:44.4751665Z","duration":"PT48.6570991S","correlationId":"05da3fe2-daa9-4b48-b1f9-3658e2102d58","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzanp25wey3","name":"azure-cli-sub-level-deploymentzanp25wey3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-14T06:44:35.8607273Z","duration":"PT21.1730374S","correlationId":"c4eb23e3-ae60-44fc-8f0a-c2ac842a256e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentrhyu5dapwd","name":"azure-cli-sub-level-deploymentrhyu5dapwd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-13T06:47:36.5340532Z","duration":"PT25.903135S","correlationId":"b4734951-acd6-44cc-86bc-8f87048f870a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentahpbeth2ia","name":"azure-cli-sub-level-deploymentahpbeth2ia","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-12T23:46:21.0026408Z","duration":"PT25.8854758S","correlationId":"53877b01-10c2-456a-b412-5609237c19b8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzifpcxirzz","name":"azure-cli-sub-level-deploymentzifpcxirzz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-12T18:20:05.7009206Z","duration":"PT49.2905804S","correlationId":"ec1e269f-4aed-4470-92ab-449a70ccce32","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentpyfzwgzdao","name":"azure-cli-sub-level-deploymentpyfzwgzdao","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-10T06:48:35.2459599Z","duration":"PT44.281308S","correlationId":"e1dd9ef5-3499-4fd2-888e-74937885d87a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzhhuamiqxd","name":"azure-cli-sub-level-deploymentzhhuamiqxd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-10T00:40:45.1359617Z","duration":"PT23.0441909S","correlationId":"29a04b6e-3e3f-444d-953b-ea1f10f2f56e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5nghjlwuv7","name":"azure-cli-sub-level-deployment5nghjlwuv7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-09T21:23:46.3959518Z","duration":"PT16.3467698S","correlationId":"3664415a-2b4e-4f79-9eb4-c1357654e7e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/721e5120-64f0-40d6-837c-835145bd1879","name":"721e5120-64f0-40d6-837c-835145bd1879","type":"Microsoft.Resources/deployments","location":"eastus2","properties":{"templateHash":"17205502901608728771","parameters":{"resourceGroupApiVersion":{"type":"String","value":"2019-10-01"},"rgName":{"type":"String","value":"houk-rg-eastus-eastus2"},"rgLocation":{"type":"String","value":"eastus2"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-10T05:36:03.0957161Z","duration":"PT0.6736832S","correlationId":"d7c0d35d-74d7-417d-8148-bf88d707925c","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["eastus2"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/houk-rg-eastus-eastus2"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd9393","name":"csmd9393","type":"Microsoft.Resources/deployments","location":"westus2","properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"whatifnetsdktest1"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-15T03:01:50.3547443Z","duration":"PT43.4742772S","correlationId":"8107b599-ee35-44f3-b252-5d2130296c0d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd5863","name":"csmd5863","type":"Microsoft.Resources/deployments","location":"westus2","properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"whatifnetsdktest1"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-09-15T02:21:59.7091482Z","duration":"PT45.9444376S","correlationId":"7572ecc9-67a8-49c3-b0ba-90a5bb68aabc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd1329","name":"csmd1329","type":"Microsoft.Resources/deployments","location":"westus2","properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"whatifnetsdktest1"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-05-27T01:15:57.7133517Z","duration":"PT18.4322744S","correlationId":"463d3ff5-f377-41db-b535-3cc7254750b5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd4557","name":"csmd4557","type":"Microsoft.Resources/deployments","location":"westus2","properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"whatifnetsdktest1"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-05-27T01:00:15.5783259Z","duration":"PT19.3169344S","correlationId":"5fda15dd-f266-4c88-bff1-71ccc06e094f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd2223","name":"csmd2223","type":"Microsoft.Resources/deployments","location":"westus2","properties":{"templateHash":"6720373025847754913","parameters":{"storageAccountName":{"type":"String","value":"whatifnetsdktest1"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-05-27T00:56:42.6876872Z","duration":"PT43.2355869S","correlationId":"91c7edf8-7f34-4403-ad52-ac4e2f4db693","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested","name":"sub-nested","type":"Microsoft.Resources/deployments","location":"eastus","properties":{"templateHash":"17976844800751378253","parameters":{},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:15:17.6378731Z","duration":"PT7.6164174S","correlationId":"b10370ab-5ec1-407f-9d4f-99f8466fc1b1","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["eastus2"]}]}],"dependencies":[],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/deploymentRg","name":"deploymentRg","type":"Microsoft.Resources/deployments","location":"eastus","properties":{"templateLink":{"relativePath":"createResourceGroup.json","uri":"https://testquerystrsubj6nqmcvxw.blob.core.windows.net/querystrywu63iab4k53/mainTemplate","contentVersion":"1.0.0.0"},"templateHash":"17331290123496842075","parameters":{"rgName":{"type":"String","value":"cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q"},"rgLocation":{"type":"String","value":"eastus"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:27:28.44406Z","duration":"PT1.5923779S","correlationId":"b735057f-096c-4b33-ba65-75273379b313","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["eastus"]}]}],"dependencies":[],"outputs":{},"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mainTemplate","name":"mainTemplate","type":"Microsoft.Resources/deployments","location":"eastus","properties":{"templateLink":{"uri":"https://testquerystrsubj6nqmcvxw.blob.core.windows.net/querystrywu63iab4k53/mainTemplate","contentVersion":"1.0.0.0"},"templateHash":"7361881621490722527","parameters":{"rgName":{"type":"String","value":"cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q"},"rgLocation":{"type":"String","value":"eastus"},"keyVaultName":{"type":"String","value":"querystrKVcruojwzilo"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-18T23:28:00.3135213Z","duration":"PT34.3905395S","correlationId":"b735057f-096c-4b33-ba65-75273379b313","providers":[{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["eastus",null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/deploymentRg","resourceType":"Microsoft.Resources/deployments","resourceName":"deploymentRg"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.Resources/deployments/keyVaultAndSecret","resourceType":"Microsoft.Resources/deployments","resourceName":"keyVaultAndSecret"}],"outputs":{},"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.KeyVault/vaults/querystrKVcruojwzilo"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.KeyVault/vaults/querystrKVcruojwzilo/secrets/mySecret"}]}}],"nextLink":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?api-version=2020-10-01&%24skiptoken=3dHNasMwDAfwZ4nPLcQjgbW3ljgj3SzPn6W7lZFB7ODAlhI7Je%2b%2beqMv0ZMk9AfxQ1f0Ofix85fz2A1eDa71P2h7RUcilZap820Y38%2ffY5cCr21EW4Sz54wRWoLTa7T6S4hhuu9wUWSUNEHYUw4zCdydJiCCcF3XfIaKWxdhPrzQymGm9l8CA3uT%2bcQqXYDVJauaQCtegNpFsE0OEe%2bPvZFCDVEQoDLVGgy3aQ61cYYye7hdMFyRzYfShhlSKuk2YFyec8XXaFkhskukp4cy%2fb%2fpZvKXvr8TH0i4LL8%3d"}' + headers: + cache-control: + - no-cache + content-length: + - '769768' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 22 Mar 2021 07:11:07 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - deployment sub list + Connection: + - keep-alive + User-Agent: + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?api-version=2020-10-01&%24skiptoken=3dHNasMwDAfwZ4nPLcQjgbW3ljgj3SzPn6W7lZFB7ODAlhI7Je%2B%2BeqMv0ZMk9AfxQ1f0Ofix85fz2A1eDa71P2h7RUcilZap820Y38%2FfY5cCr21EW4Sz54wRWoLTa7T6S4hhuu9wUWSUNEHYUw4zCdydJiCCcF3XfIaKWxdhPrzQymGm9l8CA3uT%2BcQqXYDVJauaQCtegNpFsE0OEe%2BPvZFCDVEQoDLVGgy3aQ61cYYye7hdMFyRzYfShhlSKuk2YFyec8XXaFkhskukp4cy%2Fb%2FpZvKXvr8TH0i4LL8%3D + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnsjomvm4a4","name":"azure-cli-sub-level-deploymentnsjomvm4a4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-09T17:51:24.3978864Z","duration":"PT47.4228897S","correlationId":"8a14b1bf-eff4-49c3-a722-856c00c55a58","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthdino2qhw2","name":"azure-cli-sub-level-deploymenthdino2qhw2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-09T06:50:43.8638694Z","duration":"PT17.9450763S","correlationId":"d5d11978-8f05-465c-94c6-c3aa9f53e85e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenteeyu6vr64h","name":"azure-cli-sub-level-deploymenteeyu6vr64h","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-09T01:13:07.0418924Z","duration":"PT31.6475766S","correlationId":"198599b4-f567-4f17-8911-726136fbf20a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentaswgfktart","name":"azure-cli-sub-level-deploymentaswgfktart","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-08T22:48:38.6740786Z","duration":"PT21.3715216S","correlationId":"0be9eab7-a1a1-4e1d-8d7f-c726065c8c20","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzcvyllkiqu","name":"azure-cli-sub-level-deploymentzcvyllkiqu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-08T06:48:05.2097744Z","duration":"PT24.6168851S","correlationId":"89cf5ed4-37d6-478d-96ad-2b29a2f22c99","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkgc7byrmzd","name":"azure-cli-sub-level-deploymentkgc7byrmzd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-07T22:14:48.4235438Z","duration":"PT39.6039852S","correlationId":"47d0a978-7c5e-4f4e-b691-6923fc065481","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbcyqoazsph","name":"azure-cli-sub-level-deploymentbcyqoazsph","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-07T06:47:04.4700084Z","duration":"PT20.2356661S","correlationId":"2ed82723-0526-4085-90c9-2c53ad1ff34e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5asmbdfzah","name":"azure-cli-sub-level-deployment5asmbdfzah","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-06T06:48:57.4506284Z","duration":"PT43.4822401S","correlationId":"2f11da9f-ae7e-40b3-aa8d-162a9670ad6c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentqghy6t3gt5","name":"azure-cli-sub-level-deploymentqghy6t3gt5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-03T05:43:30.4048259Z","duration":"PT42.9937988S","correlationId":"48e8f7b2-8cc9-40ce-af49-1b068a10c776","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcagla5kdqu","name":"azure-cli-sub-level-deploymentcagla5kdqu","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-02T05:47:29.0436719Z","duration":"PT26.8131667S","correlationId":"ba331dd9-a960-4846-a263-184cf90054cd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmvsqbla577","name":"azure-cli-sub-level-deploymentmvsqbla577","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-11-01T05:49:33.9985261Z","duration":"PT40.1362896S","correlationId":"fcf42602-0aa3-4b28-af24-624854744aaf","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentseoyvxhak5","name":"azure-cli-sub-level-deploymentseoyvxhak5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-31T05:48:05.3014978Z","duration":"PT19.8033357S","correlationId":"b67e6f8b-d7d8-416f-a502-848e1e0c164e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentu3gdrlzd5d","name":"azure-cli-sub-level-deploymentu3gdrlzd5d","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-30T05:44:57.6174287Z","duration":"PT16.8782912S","correlationId":"69e5aa7d-2d77-45b5-9e8a-be12dcae1b7d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2zqftmddw4","name":"azure-cli-sub-level-deployment2zqftmddw4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-30T05:36:56.5047748Z","duration":"PT46.9192421S","correlationId":"06a9484a-12b6-4f18-8266-f0ee2e8b029e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentx2vtxykrhf","name":"azure-cli-sub-level-deploymentx2vtxykrhf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-27T05:44:34.9709042Z","duration":"PT25.2865331S","correlationId":"37e240e2-bc91-417e-8384-ca79890220c5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentousoo24n5r","name":"azure-cli-sub-level-deploymentousoo24n5r","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-26T19:01:35.0241599Z","duration":"PT39.0180906S","correlationId":"f9126dc3-5233-4936-b549-421c5ae570d4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5kcgihvkvk","name":"azure-cli-sub-level-deployment5kcgihvkvk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-26T05:47:08.5483304Z","duration":"PT20.8751211S","correlationId":"e96e739d-e413-41d6-9e38-57e9ca2471fe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentrcim76dsac","name":"azure-cli-sub-level-deploymentrcim76dsac","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-25T05:46:04.0485697Z","duration":"PT29.543957S","correlationId":"f26ffaed-e1da-4886-a6bf-149c1be84e9e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6gjztlttbg","name":"azure-cli-sub-level-deployment6gjztlttbg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-25T04:17:59.7456262Z","duration":"PT38.1894475S","correlationId":"c7540425-4513-40e8-90aa-c0ff40401cea","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthuawccaq3c","name":"azure-cli-sub-level-deploymenthuawccaq3c","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-24T05:43:01.7191497Z","duration":"PT20.7895506S","correlationId":"16ada8af-5d0a-42e4-9e1c-66d60919abb5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment62ay4n3wbz","name":"azure-cli-sub-level-deployment62ay4n3wbz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-23T05:42:22.9105265Z","duration":"PT54.3042857S","correlationId":"753b042b-6209-45f5-a618-ae9fdb666c8c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjzuahaefai","name":"azure-cli-sub-level-deploymentjzuahaefai","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-20T05:43:32.1230508Z","duration":"PT25.5526294S","correlationId":"0a5aa6b1-085d-40f7-b810-5f6a93ef2a28","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentayikxoao3r","name":"azure-cli-sub-level-deploymentayikxoao3r","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-19T05:48:58.8243039Z","duration":"PT1M43.8727102S","correlationId":"4faa9f80-fa0e-49d3-a692-d1189ec59dd4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnifftpkns3","name":"azure-cli-sub-level-deploymentnifftpkns3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-16T05:47:07.6841584Z","duration":"PT59.759756S","correlationId":"45f28335-54d9-4fbc-80c2-86b5e0fdbed9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcmzw3yk2nx","name":"azure-cli-sub-level-deploymentcmzw3yk2nx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-13T05:45:44.1079022Z","duration":"PT15.9139008S","correlationId":"3525add9-45f2-405a-adb8-eb8cc4468f61","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentt4d7vvniyk","name":"azure-cli-sub-level-deploymentt4d7vvniyk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-12T11:40:34.7487082Z","duration":"PT45.2014713S","correlationId":"a6cb8271-5307-42d1-9bf9-5057f42799d0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg2dmiwnb42","name":"azure-cli-sub-level-deploymentg2dmiwnb42","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-11T05:39:08.9956472Z","duration":"PT39.2413029S","correlationId":"582eea32-24fe-45a8-887c-95dbabf4f812","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzajmsyj447","name":"azure-cli-sub-level-deploymentzajmsyj447","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-10T05:07:17.6472273Z","duration":"PT28.8144781S","correlationId":"bc42d183-b8ed-44a2-905c-bb305242ea4a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentudkx7bwyow","name":"azure-cli-sub-level-deploymentudkx7bwyow","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-09T05:36:51.7528653Z","duration":"PT19.9430593S","correlationId":"a716c579-80d0-4769-b321-59eeff9c953b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3jka5u5sqr","name":"azure-cli-sub-level-deployment3jka5u5sqr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-06T05:46:36.5415179Z","duration":"PT25.0329024S","correlationId":"639ccb7d-fb2d-4763-9b20-68626a428a4d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthywvp5uuqw","name":"azure-cli-sub-level-deploymenthywvp5uuqw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-05T05:46:11.2025114Z","duration":"PT26.6181832S","correlationId":"107c7b5e-5e41-49ca-8344-7360cd6331aa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment26mylz6y6s","name":"azure-cli-sub-level-deployment26mylz6y6s","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-04T17:39:31.6902978Z","duration":"PT23.2557684S","correlationId":"48e40afe-6d47-4294-850a-903002003d22","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttfxccigt2v","name":"azure-cli-sub-level-deploymenttfxccigt2v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-04T05:50:45.1731027Z","duration":"PT17.0471728S","correlationId":"84c8fdb1-1cb1-4ccc-9562-20b81ef9e489","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentktvjxxfbuv","name":"azure-cli-sub-level-deploymentktvjxxfbuv","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-03T05:55:05.3384389Z","duration":"PT30.3028961S","correlationId":"69ce735f-2369-46f2-bc57-68d77821b035","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentykwrbqeqwl","name":"azure-cli-sub-level-deploymentykwrbqeqwl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-02T17:01:39.6735559Z","duration":"PT30.5295508S","correlationId":"0345f2a0-5cd1-4324-bf6e-c13ded4b7871","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentniptbie26r","name":"azure-cli-sub-level-deploymentniptbie26r","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-28T05:55:36.539333Z","duration":"PT23.1668928S","correlationId":"562dc52a-0408-4183-b924-00dfdbb3fd80","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthdynb3uiex","name":"azure-cli-sub-level-deploymenthdynb3uiex","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-27T17:51:43.042278Z","duration":"PT28.7556714S","correlationId":"4b5f35e2-c06c-4809-8a13-130978428277","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmdijk7yp6v","name":"azure-cli-sub-level-deploymentmdijk7yp6v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-24T18:43:18.0370313Z","duration":"PT29.2192959S","correlationId":"e5c99ef6-6476-4f4f-a286-48f7f34d80b9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdvoq3q4lvw","name":"azure-cli-sub-level-deploymentdvoq3q4lvw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-20T06:44:01.0452029Z","duration":"PT27.2414787S","correlationId":"1d9f3e40-565f-435d-8a6e-abd0be54c7a7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentanjxlfn5p4","name":"azure-cli-sub-level-deploymentanjxlfn5p4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-19T16:59:17.1711462Z","duration":"PT26.2008481S","correlationId":"f33383c6-38e2-4966-b8bd-208cdc1713a5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentve6h6jmfi6","name":"azure-cli-sub-level-deploymentve6h6jmfi6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-17T08:50:40.3852018Z","duration":"PT21.9670884S","correlationId":"83627931-915d-4f2a-a927-2872106b9dad","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdammbysszw","name":"azure-cli-sub-level-deploymentdammbysszw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-15T00:35:16.8844541Z","duration":"PT20.6982218S","correlationId":"721ed19d-377e-406e-b46c-733543adcee0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentslyxdf47qz","name":"azure-cli-sub-level-deploymentslyxdf47qz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-13T18:03:04.220525Z","duration":"PT1M7.6821088S","correlationId":"a95b228f-baf0-4673-aef0-6422c9365ad8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnbuz3yq2jm","name":"azure-cli-sub-level-deploymentnbuz3yq2jm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T23:00:29.3065457Z","duration":"PT1M3.8066808S","correlationId":"40ce0802-f7d5-43d4-8854-9ec7967cd55a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentulht3ehlak","name":"azure-cli-sub-level-deploymentulht3ehlak","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T17:46:17.9370329Z","duration":"PT48.0283852S","correlationId":"b2ec2607-f34e-4e38-af84-90627fe0c5e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentq5qvxq3zcj","name":"azure-cli-sub-level-deploymentq5qvxq3zcj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T16:29:00.6263978Z","duration":"PT19.545734S","correlationId":"f1d30e60-f36c-4368-8568-aba64d2bd1d8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5cbt2viigg","name":"azure-cli-sub-level-deployment5cbt2viigg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T06:37:27.6734582Z","duration":"PT33.0975032S","correlationId":"05ea2abb-4e1e-47f2-8808-b9ad053da311","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentne4uh6ifn4","name":"azure-cli-sub-level-deploymentne4uh6ifn4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-11T21:00:07.3106042Z","duration":"PT18.6705891S","correlationId":"a7e65fc2-6f38-4d18-a4e7-0f628d178f3c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentgqte3k7exw","name":"azure-cli-sub-level-deploymentgqte3k7exw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-11T17:23:34.6686838Z","duration":"PT58.1230124S","correlationId":"bf1a6530-a087-46e7-8936-46bad624f1f5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentstagz5piun","name":"azure-cli-sub-level-deploymentstagz5piun","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-02T00:59:56.604189Z","duration":"PT1M5.504914S","correlationId":"0d697b80-8992-431a-8dbd-c0dae06bc5d2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5oxpjecwn6","name":"azure-cli-sub-level-deployment5oxpjecwn6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-31T22:13:32.9853182Z","duration":"PT24.5467354S","correlationId":"353bd5d2-8e90-4181-9047-f98e43ea5046","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentl4qnvfknz5","name":"azure-cli-sub-level-deploymentl4qnvfknz5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-30T19:16:11.8016729Z","duration":"PT1M14.6679462S","correlationId":"8a739168-470e-4bf6-9c9b-9f8353ed0c51","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2eymv7vjup","name":"azure-cli-sub-level-deployment2eymv7vjup","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-29T15:59:58.9500787Z","duration":"PT11.188959S","correlationId":"00ce51fd-b9a4-4526-966e-3e03f209ae0c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentfqtetvgh26","name":"azure-cli-sub-level-deploymentfqtetvgh26","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:31:24.3489308Z","duration":"PT40.2309974S","correlationId":"533029ab-e53a-4374-8c01-5e73c109d7c1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsnv3dtluzt","name":"azure-cli-sub-level-deploymentsnv3dtluzt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:30:12.7177459Z","duration":"PT28.6313735S","correlationId":"27bc6a08-7028-4e73-8c0a-f15ce75bf2f3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttyma5rcvgz","name":"azure-cli-sub-level-deploymenttyma5rcvgz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:05:45.5469133Z","duration":"PT21.385005S","correlationId":"876c8aad-8db4-4f4c-a209-c86ee19ca190","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentinkonralxj","name":"azure-cli-sub-level-deploymentinkonralxj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T10:59:25.0229848Z","duration":"PT50.4974753S","correlationId":"6f946326-8c03-4be2-924d-b8a19667e6ec","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6gohclg7ah","name":"azure-cli-sub-level-deployment6gohclg7ah","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-25T09:04:17.2852709Z","duration":"PT1M17.8760312S","correlationId":"da465434-32e3-4f1b-8ed1-f1bb66f73b63","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentel5gc2e2eo","name":"azure-cli-sub-level-deploymentel5gc2e2eo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-24T05:53:28.8987066Z","duration":"PT32.904936S","correlationId":"92fb1078-94cf-4ed6-a2f2-4384a3d84dbb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment75jyb6ym6o","name":"azure-cli-sub-level-deployment75jyb6ym6o","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-23T05:31:25.6084705Z","duration":"PT45.9031631S","correlationId":"d72f2bc9-45e6-488f-8090-59c22d6a8363","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg4yta4xvy4","name":"azure-cli-sub-level-deploymentg4yta4xvy4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-22T05:30:02.1735448Z","duration":"PT27.8843775S","correlationId":"0679ebe8-94ea-4b93-9cf7-f988a3a4a63a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2k76m3mrzb","name":"azure-cli-sub-level-deployment2k76m3mrzb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-21T05:30:48.0981749Z","duration":"PT45.677102S","correlationId":"c44bda5b-b222-4496-b47e-730d7b8bd732","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmhviojkh5x","name":"azure-cli-sub-level-deploymentmhviojkh5x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-18T05:30:38.0051324Z","duration":"PT1M4.7663793S","correlationId":"d52ab204-6912-418b-a0f9-21421d8b4877","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentp4hadwi6a3","name":"azure-cli-sub-level-deploymentp4hadwi6a3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-17T05:29:46.2280027Z","duration":"PT33.6797815S","correlationId":"fa4ba77e-1e92-4ba1-8249-fd9d658b0c29","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthvvj25ejmh","name":"azure-cli-sub-level-deploymenthvvj25ejmh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-16T05:48:55.1573042Z","duration":"PT1M2.6991764S","correlationId":"56d25dfb-7fe1-44b0-9fc8-077b7889c8d1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjatarz2adr","name":"azure-cli-sub-level-deploymentjatarz2adr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-15T05:42:52.8520141Z","duration":"PT29.4762467S","correlationId":"df3e54ca-5ea1-435d-a7f0-0994a6cf246e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg5gjufr66i","name":"azure-cli-sub-level-deploymentg5gjufr66i","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-14T05:32:30.3897006Z","duration":"PT45.2069532S","correlationId":"140f978c-0a55-46e8-b019-ee9674a80335","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjumxsuyf5q","name":"azure-cli-sub-level-deploymentjumxsuyf5q","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-11T05:37:15.087196Z","duration":"PT1M1.8538336S","correlationId":"617aa6ed-22fa-49c3-bbc7-1e1617b8a110","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentu3h3xiax7l","name":"azure-cli-sub-level-deploymentu3h3xiax7l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-10T05:35:04.690931Z","duration":"PT25.0561998S","correlationId":"82a969c3-346d-4833-bc30-fdbc463c0e59","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbwmjw6qvoc","name":"azure-cli-sub-level-deploymentbwmjw6qvoc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-09T05:34:03.6568153Z","duration":"PT1M5.5316182S","correlationId":"59ce393c-3052-4f29-95ad-eaddbece3e21","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentolwwap6fga","name":"azure-cli-sub-level-deploymentolwwap6fga","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-08T05:42:15.6686266Z","duration":"PT33.2825946S","correlationId":"bdd6376f-7929-490e-b8d4-f34b54d74b5e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentw7ah3fnec2","name":"azure-cli-sub-level-deploymentw7ah3fnec2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-07T05:31:30.0159023Z","duration":"PT1M2.7494998S","correlationId":"12dec3d9-508b-4150-8306-5456a850fafd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentoxqyjjneem","name":"azure-cli-sub-level-deploymentoxqyjjneem","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-04T05:31:10.0690507Z","duration":"PT1M9.2437555S","correlationId":"eff6c686-cdb0-44b3-8e79-c65e8c936730","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdhn4t3i5uy","name":"azure-cli-sub-level-deploymentdhn4t3i5uy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-03T05:28:50.0530589Z","duration":"PT31.524414S","correlationId":"2ad63e6e-3520-484d-8cc7-7d6203855608","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbftcv3gww6","name":"azure-cli-sub-level-deploymentbftcv3gww6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-02T05:30:54.9950375Z","duration":"PT42.3959185S","correlationId":"d54b5fbd-5bb5-48c5-9888-1dd10d6c7ecc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnzssl7zm2g","name":"azure-cli-sub-level-deploymentnzssl7zm2g","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-01T05:29:52.2022237Z","duration":"PT24.5084466S","correlationId":"2367cd94-4fb0-4512-9f5e-274f075eb2f4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6bv4gq3idl","name":"azure-cli-sub-level-deployment6bv4gq3idl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-31T05:29:01.9544697Z","duration":"PT45.0977807S","correlationId":"b47dab72-3202-4ead-8d2a-c2d6e0da59ff","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3urgay3p5x","name":"azure-cli-sub-level-deployment3urgay3p5x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-28T05:28:23.6476396Z","duration":"PT22.989586S","correlationId":"94260bef-b544-44e3-9c58-ebddef3c47e1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenti2n76kvueh","name":"azure-cli-sub-level-deploymenti2n76kvueh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-27T05:35:04.5149848Z","duration":"PT1M16.0226307S","correlationId":"e8cb0cad-40d1-4003-88e6-1a1fa1ddd397","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentaivl64itv2","name":"azure-cli-sub-level-deploymentaivl64itv2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-26T05:29:42.5106894Z","duration":"PT28.7600019S","correlationId":"7e0ccf1d-bdd4-42f6-aadf-9644a89b173b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthn4meopu7h","name":"azure-cli-sub-level-deploymenthn4meopu7h","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-25T05:30:45.753227Z","duration":"PT1M25.2458601S","correlationId":"e430576f-35fb-472a-8e88-180038fdc4d9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttajmgrwm3p","name":"azure-cli-sub-level-deploymenttajmgrwm3p","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-21T05:28:02.4692931Z","duration":"PT27.6594309S","correlationId":"c2bbcadb-a9e9-440d-a8c1-8db17357ff3f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}}],"nextLink":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?api-version=2020-10-01&%24skiptoken=3ZLNasMwEISfxTonELU2tLklWC5Jq1X1G9xbSB2wZCRoHWwr%2bN0btfQlcppdZmD52LmiU%2fB96y%2fHvg1eBdf4b7S%2bogORSss0%2bWbs349ffZsCr82E1ghnTxkjtACnl2jxmxBh%2bPdwnmeU7EZh6xVEMnJXD0AE4bqqeISSWzdB3L%2fQ0mGmtmeBgb3J1cBKnYOtC1B8onFTQOlyGgmGFm8PnZFChUkQoDJpBYbbtI%2bVcYYyu79dMFyR5w%2blDTNV%2fci7T21KUMaelmheILJJSA93yHRXSH%2fNu73JX7punn8A"}' headers: cache-control: - no-cache content-length: - - '3510' + - '150810' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:26 GMT + - Mon, 22 Mar 2021 07:11:10 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - deployment sub list + Connection: + - keep-alive + User-Agent: + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?api-version=2020-10-01&%24skiptoken=3ZLNasMwEISfxTonELU2tLklWC5Jq1X1G9xbSB2wZCRoHWwr%2BN0btfQlcppdZmD52LmiU%2FB96y%2FHvg1eBdf4b7S%2BogORSss0%2BWbs349ffZsCr82E1ghnTxkjtACnl2jxmxBh%2BPdwnmeU7EZh6xVEMnJXD0AE4bqqeISSWzdB3L%2FQ0mGmtmeBgb3J1cBKnYOtC1B8onFTQOlyGgmGFm8PnZFChUkQoDJpBYbbtI%2BVcYYyu79dMFyR5w%2BlDTNV%2Fci7T21KUMaelmheILJJSA93yHRXSH%2FNu73JX7punn8A + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentv7bwtt3sv7","name":"azure-cli-sub-level-deploymentv7bwtt3sv7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-20T05:30:24.9709223Z","duration":"PT48.9916151S","correlationId":"471980a5-8cd9-45dd-8526-a7b05340da44","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment54u3fh46ga","name":"azure-cli-sub-level-deployment54u3fh46ga","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-19T05:31:36.8736378Z","duration":"PT25.3386883S","correlationId":"eaf4a21a-cbf7-4284-8c11-44f43deacb87","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentfw3xpmkbon","name":"azure-cli-sub-level-deploymentfw3xpmkbon","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-18T05:31:59.6058664Z","duration":"PT50.5293477S","correlationId":"fffa74c1-1470-4b54-b790-ac98a14327f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlbseongfks","name":"azure-cli-sub-level-deploymentlbseongfks","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-14T05:33:30.3114057Z","duration":"PT59.6055928S","correlationId":"f989bbb0-bb95-47bc-a958-4b086d4cc39a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentwabth2otbt","name":"azure-cli-sub-level-deploymentwabth2otbt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-13T05:29:40.6260739Z","duration":"PT23.7018578S","correlationId":"6fef308f-bce9-4bf4-ac90-ae2d4ecf951c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzyibfmrhnp","name":"azure-cli-sub-level-deploymentzyibfmrhnp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-12T05:33:20.9260959Z","duration":"PT23.1708871S","correlationId":"1c75fc07-eef7-42a2-be46-d17a163ec3a4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentknecij3xkd","name":"azure-cli-sub-level-deploymentknecij3xkd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-11T22:16:15.3988206Z","duration":"PT58.284311S","correlationId":"d034699f-d0c3-4920-af6b-84e9be589b54","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentont4aqetrq","name":"azure-cli-sub-level-deploymentont4aqetrq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-05T05:27:37.4383606Z","duration":"PT32.9974056S","correlationId":"010520d3-f72b-4144-b910-fee98232a59f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment74a5igmnfo","name":"azure-cli-sub-level-deployment74a5igmnfo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-04T05:28:55.7835006Z","duration":"PT1M3.531037S","correlationId":"9863bd00-1af5-4f9b-81a7-a1ae0997399a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentna76jlj3rk","name":"azure-cli-sub-level-deploymentna76jlj3rk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-06-30T05:26:51.1261386Z","duration":"PT25.5466451S","correlationId":"6b420a6e-9f82-45bb-91e9-9c77a09e4cdb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}}]}' + headers: + cache-control: + - no-cache + content-length: + - '18340' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 22 Mar 2021 07:11:11 GMT expires: - '-1' pragma: @@ -606,24 +1096,69 @@ interactions: ParameterSetName: - --filter User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?$filter=provisioningState%20eq%20%27Succeeded%27&api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:59.4976816Z","duration":"PT36.6105837S","correlationId":"51cabcaf-b850-45c0-b77e-d283a77a79ca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}]}' + string: "{\"value\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001\",\"name\":\"azure-cli-subscription_level_deployment000001\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo000003\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-22T07:10:52.8052403Z\",\"duration\":\"PT55.3681441S\",\"correlationId\":\"d91f86d3-d883-4e53-aea4-c75d9ea0f687\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjzk2icld7vswju6cojdtb\",\"name\":\"azure-cli-subscription_level_deploymentjzk2icld7vswju6cojdtb\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemollvmbnwp\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-22T06:56:27.3298113Z\",\"duration\":\"PT47.9000572S\",\"correlationId\":\"63dba97b-1b4c-4090-87de-bf7f150454e9\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemollvmbnwp\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgbw4yd2pavusiz6zfwotk\",\"name\":\"azure-cli-subscription_level_deploymentgbw4yd2pavusiz6zfwotk\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploydd7t2xs4rsci67yghg5tkkvur4jgphcusoqee4/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployipxhvtbvjkdvr4p5bm33go2xvrezfmsxb2/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoyc2hhg6d\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-22T06:55:14.9180781Z\",\"duration\":\"PT45.722277S\",\"correlationId\":\"4d3e2302-a40f-4eff-87b0-b95f40f8d40e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyc2hhg6d\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjip7zuqda2nodmwe4h5di\",\"name\":\"azure-cli-subscription_level_deploymentjip7zuqda2nodmwe4h5di\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemon52flbb7\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:29:37.182401Z\",\"duration\":\"PT34.1751283S\",\"correlationId\":\"6a59b5f3-4cb2-40ce-9e81-3702f8b58726\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemon52flbb7\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/policy_definition_deploy\",\"name\":\"policy_definition_deploy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"6791821466041245512\",\"parameters\":{\"denyLocation\":{\"type\":\"String\",\"value\":\"northeurope\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:28:33.9420576Z\",\"duration\":\"PT2.622024S\",\"correlationId\":\"75c1a498-eb0f-45d1-a333-e01392a61022\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]}]}],\"dependencies\":[],\"outputs\":{\"policyDefinitionId\":{\"type\":\"String\",\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test\"}},\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/1\",\"name\":\"1\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_deployment_what_if_template_specsriazzujyuwx6t6hz3jx6xhpdy5p33hxou/providers/Microsoft.Resources/templateSpecs/cli-test-deploy-what-if-sub-deploymd6veyh73elrjfdy6sjvarbf5r/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1669246125929096641\",\"parameters\":{\"denyLocation\":{\"type\":\"String\",\"value\":\"northeurope\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:27:58.9638937Z\",\"duration\":\"PT2.2779916S\",\"correlationId\":\"18aaeb6b-1a52-4b16-82b6-10279b6db102\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]}]}],\"dependencies\":[],\"outputs\":{\"policyDefinitionId\":{\"type\":\"String\",\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test\"}},\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy-for-what-if-test\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentozqbvtz2uy3v5tzpjmbwx\",\"name\":\"azure-cli-subscription_level_deploymentozqbvtz2uy3v5tzpjmbwx\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemowgqeod7w\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:26:57.0714958Z\",\"duration\":\"PT30.3196805S\",\"correlationId\":\"ba518d52-08ca-406e-bbf3-529d9a827692\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowgqeod7w\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbh5vumo2umghhmqgpmgsz\",\"name\":\"azure-cli-subscription_level_deploymentbh5vumo2umghhmqgpmgsz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4okw7cdx\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-11T23:13:59.6844117Z\",\"duration\":\"PT30.6532164S\",\"correlationId\":\"aeed0da7-c7a7-4ec1-bd52-0d52cc924f88\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4okw7cdx\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment535m6s6yvyd62djmpbyz5\",\"name\":\"azure-cli-subscription_level_deployment535m6s6yvyd62djmpbyz5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo3ahwawuj\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-11T23:11:24.1314099Z\",\"duration\":\"PT31.2480012S\",\"correlationId\":\"6ac42aad-1746-421a-9683-07d98f35f441\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3ahwawuj\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentrdzg4cntp5ic7wxj64egr\",\"name\":\"azure-cli-subscription_level_deploymentrdzg4cntp5ic7wxj64egr\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemorv5pvorh\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-04T22:57:35.4961143Z\",\"duration\":\"PT30.2309295S\",\"correlationId\":\"a520ddc0-04a7-4e9b-b910-c58dee02780b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemorv5pvorh\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5erugsarqzqhzhnftojpk\",\"name\":\"azure-cli-subscription_level_deployment5erugsarqzqhzhnftojpk\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo6rmp7ara\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-04T22:54:36.6597424Z\",\"duration\":\"PT32.3767489S\",\"correlationId\":\"c68a55e7-a299-4e50-9dbd-a39e535bd071\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo6rmp7ara\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentguyro6i6ri5cwxgnlbweu\",\"name\":\"azure-cli-subscription_level_deploymentguyro6i6ri5cwxgnlbweu\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo3qhrfnrk\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-01T13:40:57.9359231Z\",\"duration\":\"PT34.9800589S\",\"correlationId\":\"11fb2149-c9c5-4bb1-a9b2-b8e83073f0e6\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3qhrfnrk\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentl435dqlzx2uxvtu3ypqgc\",\"name\":\"azure-cli-subscription_level_deploymentl435dqlzx2uxvtu3ypqgc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemogcen6nnt\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-01T13:37:52.0100201Z\",\"duration\":\"PT34.4967678S\",\"correlationId\":\"5b338cf4-83d9-460e-a170-c23a8142c59f\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemogcen6nnt\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsaflsxag5uglb7n25fxya\",\"name\":\"azure-cli-subscription_level_deploymentsaflsxag5uglb7n25fxya\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemostz7jy5v\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-25T23:47:13.5052781Z\",\"duration\":\"PT33.9798173S\",\"correlationId\":\"7255cb8e-23f0-4cc0-9d60-41d5f2b377d3\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemostz7jy5v\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6r364wmnrfttqpykfwpyj\",\"name\":\"azure-cli-subscription_level_deployment6r364wmnrfttqpykfwpyj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo2yq6rmjx\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-25T23:44:39.8784674Z\",\"duration\":\"PT29.9795323S\",\"correlationId\":\"1ac522f5-1322-4969-b26c-b4d5de02d9b4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo2yq6rmjx\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbwodivemzwnkmqwre2tvw\",\"name\":\"azure-cli-subscription_level_deploymentbwodivemzwnkmqwre2tvw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemov2v5b7jx\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-24T06:30:30.1092015Z\",\"duration\":\"PT34.7765633S\",\"correlationId\":\"0856f750-f08b-48c1-bd6f-a1ae7e95a89d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemov2v5b7jx\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvfi3pl7vm6k7xlode3jft\",\"name\":\"azure-cli-subscription_level_deploymentvfi3pl7vm6k7xlode3jft\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemob7f6t6be\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-24T06:27:25.3588429Z\",\"duration\":\"PT32.6017938S\",\"correlationId\":\"93409f3c-24d4-4a0f-b427-72ca9c021f0a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemob7f6t6be\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpuvltrs6lkbt42qpfylq2\",\"name\":\"azure-cli-subscription_level_deploymentpuvltrs6lkbt42qpfylq2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemooakg4jut\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-18T23:10:50.8356139Z\",\"duration\":\"PT29.1827513S\",\"correlationId\":\"a9c4933a-71cc-4686-b7e9-b848eef59bb4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemooakg4jut\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentm4a2alip7lj6p52py3mje\",\"name\":\"azure-cli-subscription_level_deploymentm4a2alip7lj6p52py3mje\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemopzcqesxa\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-18T23:07:56.1765895Z\",\"duration\":\"PT35.7361517S\",\"correlationId\":\"2dc42f35-9a17-4bad-abd4-90713a958756\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemopzcqesxa\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentvilf2edyu3xqcetq7yjzx\",\"name\":\"azure-cli-subscription_level_deploymentvilf2edyu3xqcetq7yjzx\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployavdjxb4a3qdwgmsskok4emabs7kbjevisist2l/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploytmwmqd7udsnjnmwh3yfd4d63loh3ed2k3x/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4zojorav\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-11T23:06:47.620713Z\",\"duration\":\"PT44.519177S\",\"correlationId\":\"877c9ea4-0f36-44de-8b2b-f0df91e0174a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4zojorav\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4z3lhqezlbpgv7xyjrfd5\",\"name\":\"azure-cli-subscription_level_deployment4z3lhqezlbpgv7xyjrfd5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemodpxjozfm\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-11T23:04:25.0952618Z\",\"duration\":\"PT9.2361604S\",\"correlationId\":\"f692dd33-2355-464a-91d5-e9e408b29631\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodpxjozfm\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment3yhsk4hj5fyeedxvezau3\",\"name\":\"azure-cli-subscription_level_deployment3yhsk4hj5fyeedxvezau3\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemodpxjozfm\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-11T23:04:05.712075Z\",\"duration\":\"PT30.2652028S\",\"correlationId\":\"419180ab-a88e-4a43-9d21-3c361d9e1460\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodpxjozfm\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/727a3e17-e2b9-4881-84a0-84042d053094\",\"name\":\"727a3e17-e2b9-4881-84a0-84042d053094\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"9216505373627966963\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"clitest_resourcemover_target_rg\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"westus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-05T09:58:02.1855557Z\",\"duration\":\"PT5.9213213S\",\"correlationId\":\"97485196-ef46-4ee7-9a51-0d889f6bb20c\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/69cb62ae-24cf-4f09-96eb-e47bc5670f7e\",\"name\":\"69cb62ae-24cf-4f09-96eb-e47bc5670f7e\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"9216505373627966963\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"clitest_resourcemover_target_rg\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"westus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-05T09:40:04.9570375Z\",\"duration\":\"PT5.2950777S\",\"correlationId\":\"a8fdbf15-9988-44ce-9e0f-0b0f4a31c288\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/36cb6879-a861-4a56-a314-18746e34c115\",\"name\":\"36cb6879-a861-4a56-a314-18746e34c115\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"9216505373627966963\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"clitest_resourcemover_target_rg\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"westus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-05T08:17:45.8873681Z\",\"duration\":\"PT4.0700308S\",\"correlationId\":\"668acb79-f9c4-4afe-a98c-7ddc210f4803\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/3a44a148-1518-4879-9c25-46b4402644a6\",\"name\":\"3a44a148-1518-4879-9c25-46b4402644a6\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"9216505373627966963\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"clitest_resourcemover_target_rg\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"westus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-05T08:03:35.9602336Z\",\"duration\":\"PT3.5710188S\",\"correlationId\":\"9f6d56d4-2ac4-4262-8944-41797ae65886\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest_resourcemover_target_rg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbuh3kbdssoq436hf6glpo\",\"name\":\"azure-cli-subscription_level_deploymentbuh3kbdssoq436hf6glpo\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoqadyz5fw\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-04T22:56:25.1024342Z\",\"duration\":\"PT33.9600751S\",\"correlationId\":\"92d7432d-68d1-4204-a86a-7088ddc0d5cf\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoqadyz5fw\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenttzdn3uuw7ertqd3jprdwf\",\"name\":\"azure-cli-subscription_level_deploymenttzdn3uuw7ertqd3jprdwf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoy3m6p6ky\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-04T22:53:23.4924796Z\",\"duration\":\"PT33.2962787S\",\"correlationId\":\"ab420b5f-ff93-4d2d-a5cd-f12456e886ef\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoy3m6p6ky\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/e2ce8961-a81f-4462-aa72-5c898c2c21b2\",\"name\":\"e2ce8961-a81f-4462-aa72-5c898c2c21b2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7279352615432920602\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"houk-test-westus\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"westus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-02-04T10:14:57.5551878Z\",\"duration\":\"PT3.8874357S\",\"correlationId\":\"ffc5aeaa-52cb-40e4-9763-b88bbe62fcaf\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/houk-test-westus\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfbwh2rczdnnqqs5js27dx\",\"name\":\"azure-cli-subscription_level_deploymentfbwh2rczdnnqqs5js27dx\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo7ennxbgg\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-28T23:39:31.8879434Z\",\"duration\":\"PT32.7588307S\",\"correlationId\":\"2093ae3a-6224-4850-8850-c212d53eeecc\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo7ennxbgg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentecurubo4uct26xf43u7zq\",\"name\":\"azure-cli-subscription_level_deploymentecurubo4uct26xf43u7zq\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo7dbnuvtu\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-28T23:36:32.8220257Z\",\"duration\":\"PT40.0384728S\",\"correlationId\":\"755101df-1c8f-4cf1-b465-484d4f992655\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo7dbnuvtu\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmsiee36b25ac6d2fmavfw\",\"name\":\"azure-cli-subscription_level_deploymentmsiee36b25ac6d2fmavfw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoigwvidtp\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-22T16:47:11.9808775Z\",\"duration\":\"PT34.8727525S\",\"correlationId\":\"88c34b99-cadf-4aba-9621-6bfd0521d866\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoigwvidtp\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkfilxnwyvqens2tbjg4lc\",\"name\":\"azure-cli-subscription_level_deploymentkfilxnwyvqens2tbjg4lc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemokrpmri22\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-22T16:44:33.4227134Z\",\"duration\":\"PT26.971964S\",\"correlationId\":\"85c5b51f-06c6-4c5b-91f3-75d26eee99f2\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemokrpmri22\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta53wycv5w6lii5oskql6t\",\"name\":\"azure-cli-subscription_level_deploymenta53wycv5w6lii5oskql6t\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemonrv4dtiv\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-21T23:03:07.023763Z\",\"duration\":\"PT28.8870564S\",\"correlationId\":\"f7bd8d56-f535-4aee-8984-573193279f21\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemonrv4dtiv\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentts5riomth4tqep2zaavbt\",\"name\":\"azure-cli-subscription_level_deploymentts5riomth4tqep2zaavbt\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemolnrb73jk\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-21T23:00:38.8008999Z\",\"duration\":\"PT29.1100323S\",\"correlationId\":\"130b804a-4454-4b64-bcb6-2797a5461a96\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolnrb73jk\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbbfl4ljdjzrjuhc3pvcmw\",\"name\":\"azure-cli-subscription_level_deploymentbbfl4ljdjzrjuhc3pvcmw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo5haflq2l\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-18T05:49:13.2019249Z\",\"duration\":\"PT32.9362942S\",\"correlationId\":\"83b5bf27-dd13-44c2-b490-f0844884aec0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5haflq2l\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7dl3aetqdrek34ijnomwf\",\"name\":\"azure-cli-subscription_level_deployment7dl3aetqdrek34ijnomwf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploystpn4kzpefnm3j3cjb6cafeqardsaqe2gsncvw/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployfztexqcvnjxkjh62w5b3wgnropwzzgrzx3/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemontmcqqwe\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-08T00:49:54.6411384Z\",\"duration\":\"PT38.4813158S\",\"correlationId\":\"62bd2d25-45f4-4bcb-8a43-e7b5367e393e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemontmcqqwe\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentorbr7rp4obprp2pirpqrh\",\"name\":\"azure-cli-subscription_level_deploymentorbr7rp4obprp2pirpqrh\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoikuwjddw\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-01-08T00:47:11.6500123Z\",\"duration\":\"PT34.1190484S\",\"correlationId\":\"0c962da4-e19c-44cb-bf1b-71ab238c049b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoikuwjddw\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sdktest-subnested\",\"name\":\"sdktest-subnested\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"6468055941459966983\",\"parameters\":{},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-31T23:04:51.6872738Z\",\"duration\":\"PT29.7833303S\",\"correlationId\":\"4fcd0292-47df-498b-8f81-dc5dd3a575b5\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"eastus2euap\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py/providers/Microsoft.Resources/deployments/rg-nested\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/azure-cli-sub-resource-groupyqaggocm4vcxx5zjrnmtdrhacdenw3py/providers/Microsoft.Storage/storageAccounts/armbuilddemo55wrumcz\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4koi4aoxktxd4cn4kt5bj\",\"name\":\"azure-cli-subscription_level_deployment4koi4aoxktxd4cn4kt5bj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploya3j3umaxk2dsvapjlbcqya3hp5ygryek4gssrq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployd6lhg4cqfwvot2lt7l6huajhcefgmmxupo/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemop6tl555d\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-31T23:03:36.988347Z\",\"duration\":\"PT31.1514586S\",\"correlationId\":\"87392462-80f4-478e-8cb7-f8a1cff7a155\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemop6tl555d\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmp4a2wtjxqpfmz56czkva\",\"name\":\"azure-cli-subscription_level_deploymentmp4a2wtjxqpfmz56czkva\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployfoxpvudcjwktvrulkwqyq5ahvoiilztbism647/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploye3yxydc6vxwrflnganrn56iamsjorqjmpr/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4tfvxbvb\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-24T22:58:52.9701403Z\",\"duration\":\"PT37.9993679S\",\"correlationId\":\"dd0eca23-9d54-44c8-b17e-d02587fb891c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4tfvxbvb\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentj75qxto7dmb5ha5rscf7v\",\"name\":\"azure-cli-subscription_level_deploymentj75qxto7dmb5ha5rscf7v\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy4a5i27xn6hczfbjj5ijlom2wcuzpkz74c7ixpd/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploys3aprmdvvequnv4xbphk4lrt6w54wjniru/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoosk6jhxy\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-17T23:23:05.7998253Z\",\"duration\":\"PT29.2929804S\",\"correlationId\":\"36e54659-15c6-4d06-9b64-ee384e20ddad\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoosk6jhxy\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment365xevsthlfo3agw4w2aw\",\"name\":\"azure-cli-subscription_level_deployment365xevsthlfo3agw4w2aw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoswigsqfm\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-11T00:42:55.0518188Z\",\"duration\":\"PT55.1678005S\",\"correlationId\":\"9881e001-5943-497d-b0fd-450f3ae9ce37\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoswigsqfm\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthfw4w4mxaptqpurhljr2m\",\"name\":\"azure-cli-subscription_level_deploymenthfw4w4mxaptqpurhljr2m\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemozhwove3l\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-11T00:39:39.010865Z\",\"duration\":\"PT31.0649151S\",\"correlationId\":\"6aa24db5-16f7-4cbc-bf52-e2e56e9a6a2f\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemozhwove3l\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcrslf2t5z3kwnk3wq2t5m\",\"name\":\"azure-cli-subscription_level_deploymentcrslf2t5z3kwnk3wq2t5m\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployikodmgnfcble6z52o2saombt763ot4r7l7myov/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployu53d73uncl5uwjioz3sa4b2h6ywbasxxoh/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoymaobeem\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-04T00:36:57.4630951Z\",\"duration\":\"PT51.7115268S\",\"correlationId\":\"cb751ecd-ef51-4be6-a458-3fc3361b0f15\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoymaobeem\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentcjyjptcc7ajvp7eciwsz2\",\"name\":\"azure-cli-subscription_level_deploymentcjyjptcc7ajvp7eciwsz2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4n5o2if7\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-04T00:33:15.8145885Z\",\"duration\":\"PT37.6058202S\",\"correlationId\":\"cdcf23fd-d41e-4ee7-b472-d5fffedae417\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4n5o2if7\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentmhjn2am2agjueduwoyx5b\",\"name\":\"azure-cli-subscription_level_deploymentmhjn2am2agjueduwoyx5b\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxdzhn7gerfgyt4xcacozlfyymgbixfcjncbmlq/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployuprghkprfp745mhd4thm5odirijbmzlvqa/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemolow5fkbq\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-26T23:25:47.4098992Z\",\"duration\":\"PT58.5686589S\",\"correlationId\":\"9f8ff671-dbc4-4cb6-9f9b-14ee6990027c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolow5fkbq\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentssup74lwfzu3yqddltfx7\",\"name\":\"azure-cli-subscription_level_deploymentssup74lwfzu3yqddltfx7\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemonzg37pmi\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-26T23:21:54.0546508Z\",\"duration\":\"PT47.795077S\",\"correlationId\":\"1c9ebe71-1416-464d-a3c9-f9e1291790fb\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemonzg37pmi\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentkzkzoyae2fl7nx6y7npgd\",\"name\":\"azure-cli-subscription_level_deploymentkzkzoyae2fl7nx6y7npgd\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployxi67uur7iwqltny7bdkcjwyfhydbka237tfp55/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployq457af4hnv6zijijvs3mevemhn4exu63cy/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemodnlrbatd\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-24T06:50:50.6749935Z\",\"duration\":\"PT33.0245184S\",\"correlationId\":\"979f5890-f6a1-402e-8f8e-62095873d5e0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemodnlrbatd\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentghmtc7ls3zd6bgovkgjbs\",\"name\":\"azure-cli-subscription_level_deploymentghmtc7ls3zd6bgovkgjbs\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo6oubftpk\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-24T06:46:46.6384003Z\",\"duration\":\"PT41.6437255S\",\"correlationId\":\"87c33234-a71d-45dd-bd00-0e783414b8be\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo6oubftpk\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwkyu3atkijodw74rmz24f\",\"name\":\"azure-cli-subscription_level_deploymentwkyu3atkijodw74rmz24f\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployi3lggtkanbqou6y2wqnuey5qjjfsj3secsk5yo/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy3f2onfnyafoe575e6cf65hkpmv2u7s2kv2/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo5wwfki4q\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-20T00:01:45.7448182Z\",\"duration\":\"PT25.4934037S\",\"correlationId\":\"6a47c7f8-e0f4-4a94-b8f2-91e7f223925b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5wwfki4q\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment3k5xlbr3xt6r6kjbkfd6k\",\"name\":\"azure-cli-subscription_level_deployment3k5xlbr3xt6r6kjbkfd6k\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoyfzwpgln\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-12T23:21:54.1601017Z\",\"duration\":\"PT32.6569263S\",\"correlationId\":\"a7764e5d-2e18-4d05-93e6-2d8a1e36a3a4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyfzwpgln\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6lft4hjzz5wvyrxmwqweu\",\"name\":\"azure-cli-subscription_level_deployment6lft4hjzz5wvyrxmwqweu\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4ld4hyfd\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-05T23:57:56.4537948Z\",\"duration\":\"PT34.2306516S\",\"correlationId\":\"5d8c07bd-8558-4743-92d0-73d7fca45555\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4ld4hyfd\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgei3pk4cfhqrtgqqlnyq7\",\"name\":\"azure-cli-subscription_level_deploymentgei3pk4cfhqrtgqqlnyq7\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoogqghzys\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-05T23:54:47.547438Z\",\"duration\":\"PT32.4244557S\",\"correlationId\":\"70821372-4c7c-4f6e-88b9-060646e27128\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoogqghzys\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv5hl7r4v5ixi2f5okuaqx\",\"name\":\"azure-cli-subscription_level_deploymentv5hl7r4v5ixi2f5okuaqx\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoheaqp4o3\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-03T09:09:48.8043634Z\",\"duration\":\"PT54.2647766S\",\"correlationId\":\"a724218c-0c59-43cd-81a4-05463eb2ef76\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoheaqp4o3\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjoj2zkwhlgzav67noj6rj\",\"name\":\"azure-cli-subscription_level_deploymentjoj2zkwhlgzav67noj6rj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemop7wwbus6\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-03T08:17:11.5981865Z\",\"duration\":\"PT46.2024706S\",\"correlationId\":\"a4a6e817-8424-4376-b19c-84347128320d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemop7wwbus6\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentodwr2nuktauclxbmed7c5\",\"name\":\"azure-cli-subscription_level_deploymentodwr2nuktauclxbmed7c5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateLink\":{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deployyqls2khmkwewmzrxfdqj24vmbppyhj2g7lbnie/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deployebfoftqen6znoiprmzsgpxc5po6jfnbn2q/versions/1.0\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"1013067532690748919\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemom64tuqpe\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-03T08:02:58.4603338Z\",\"duration\":\"PT1M40.5467594S\",\"correlationId\":\"da8c95de-2a58-47c8-abfa-a576f3e49623\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemom64tuqpe\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentdvlqd53kz6wht32dt65u3\",\"name\":\"azure-cli-subscription_level_deploymentdvlqd53kz6wht32dt65u3\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo5t7jh433\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-01T22:54:18.9438245Z\",\"duration\":\"PT33.0414565S\",\"correlationId\":\"3f3d9159-1dfc-45d5-92a1-17dac9bf6918\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5t7jh433\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2zybpneoss2psgnepo2rf\",\"name\":\"azure-cli-subscription_level_deployment2zybpneoss2psgnepo2rf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo33fdzzrw\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-11-01T22:51:41.4927779Z\",\"duration\":\"PT30.2840155S\",\"correlationId\":\"9ceccd4c-1425-46f7-8d38-d41108e00b4c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo33fdzzrw\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyufmjtkyuqwixosfj5xqa\",\"name\":\"azure-cli-subscription_level_deploymentyufmjtkyuqwixosfj5xqa\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemowvkosno6\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-27T09:42:04.6473494Z\",\"duration\":\"PT45.8093909S\",\"correlationId\":\"574f5a56-170f-4eae-a358-b20d44ca3448\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowvkosno6\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentpsxkqur3z2bh2ybrs4ikw\",\"name\":\"azure-cli-subscription_level_deploymentpsxkqur3z2bh2ybrs4ikw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemolfqs7mn5\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-27T09:38:33.4383697Z\",\"duration\":\"PT59.1903818S\",\"correlationId\":\"5700e763-0daa-4a70-bd50-4df353dfd9a5\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolfqs7mn5\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentujgvqefwipzidwp5z3x5x\",\"name\":\"azure-cli-subscription_level_deploymentujgvqefwipzidwp5z3x5x\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemox5wdpv3q\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-27T06:39:39.853222Z\",\"duration\":\"PT35.012633S\",\"correlationId\":\"4a958f4f-ccb8-40e4-a831-48228091ee58\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemox5wdpv3q\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentamlqdza42iy7ypapyurpz\",\"name\":\"azure-cli-subscription_level_deploymentamlqdza42iy7ypapyurpz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemowpffmhgc\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-27T06:36:32.2485974Z\",\"duration\":\"PT33.1649548S\",\"correlationId\":\"218b076b-4506-4f25-8ae1-48f8dfa0d6fd\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemowpffmhgc\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthkl4nt3ez5jodq4hqxrrm\",\"name\":\"azure-cli-subscription_level_deploymenthkl4nt3ez5jodq4hqxrrm\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoyk2um5dz\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-26T08:35:58.0062204Z\",\"duration\":\"PT42.4853873S\",\"correlationId\":\"91f21c13-dbcc-4b4b-832a-f409692cc4d2\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoyk2um5dz\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentafzvn6ltgsnmfha3de4rz\",\"name\":\"azure-cli-subscription_level_deploymentafzvn6ltgsnmfha3de4rz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemohdnig6at\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-26T08:24:57.7263588Z\",\"duration\":\"PT51.3650992S\",\"correlationId\":\"9c3d693f-f065-4cc0-9d1c-6975afe7ccbe\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemocrf4nkw3\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfdm3urpx6jjwdtvrcez7u\",\"name\":\"azure-cli-subscription_level_deploymentfdm3urpx6jjwdtvrcez7u\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemocrf4nkw3\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-26T08:24:59.680664Z\",\"duration\":\"PT53.6754822S\",\"correlationId\":\"91b39b19-5963-4771-a6ec-a8910099896a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemocrf4nkw3\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentlgx2psb3w3qdxd7hh5dz4\",\"name\":\"azure-cli-subscription_level_deploymentlgx2psb3w3qdxd7hh5dz4\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo47kchprs\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-23T17:24:15.7501573Z\",\"duration\":\"PT31.2634498S\",\"correlationId\":\"8f59b1e8-a10f-4541-9396-33d1906e32a9\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo47kchprs\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentfa5a3otuwbstxryiteqa2\",\"name\":\"azure-cli-subscription_level_deploymentfa5a3otuwbstxryiteqa2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemojggn24ze\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-23T17:21:17.1116337Z\",\"duration\":\"PT33.2488244S\",\"correlationId\":\"42b8c398-5c45-404c-a1bb-b322c2268168\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemojggn24ze\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5tzx7y72mzbinbw2x6fq6\",\"name\":\"azure-cli-subscription_level_deployment5tzx7y72mzbinbw2x6fq6\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo4m5ulpzt\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-18T17:16:21.5229853Z\",\"duration\":\"PT31.2984455S\",\"correlationId\":\"f4ee9a0c-b6c9-499f-8caf-5f6f81539683\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo4m5ulpzt\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentenlagk5oals4asg3ulgfc\",\"name\":\"azure-cli-subscription_level_deploymentenlagk5oals4asg3ulgfc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemol7khyufg\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-18T17:13:10.7481358Z\",\"duration\":\"PT32.3788985S\",\"correlationId\":\"ce792535-a9b8-463b-be27-98c6d22ee99d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemol7khyufg\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenty5vuqjjorrysu6dfrexnz\",\"name\":\"azure-cli-subscription_level_deploymenty5vuqjjorrysu6dfrexnz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo2xfu5hxj\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-16T19:37:13.7432944Z\",\"duration\":\"PT29.0826519S\",\"correlationId\":\"6e17e194-532d-4710-b147-1190a7062995\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo2xfu5hxj\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwn4zmo5uqrqlnbz45ilmc\",\"name\":\"azure-cli-subscription_level_deploymentwn4zmo5uqrqlnbz45ilmc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoddrounqv\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-16T19:34:43.2881706Z\",\"duration\":\"PT31.1178768S\",\"correlationId\":\"bd54aee8-df5b-4398-a0aa-ae64dada6a14\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoddrounqv\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentdaqu53w4a3sqbkxzprvyo\",\"name\":\"azure-cli-subscription_level_deploymentdaqu53w4a3sqbkxzprvyo\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoageydvor\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-14T17:48:42.0852006Z\",\"duration\":\"PT34.2981213S\",\"correlationId\":\"a1a8dccf-00c0-49f4-a203-158aab6636be\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoageydvor\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment5gi5rpw2xk7t5kfacybvy\",\"name\":\"azure-cli-subscription_level_deployment5gi5rpw2xk7t5kfacybvy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo5hxxlla4\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-14T17:45:36.584888Z\",\"duration\":\"PT35.57644S\",\"correlationId\":\"32bcc7db-c199-40e5-a51e-9579f66deba4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo5hxxlla4\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenta6p3gqn4wbbagdqfp7tyy\",\"name\":\"azure-cli-subscription_level_deploymenta6p3gqn4wbbagdqfp7tyy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoff3r2fvm\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-12T13:11:01.2313557Z\",\"duration\":\"PT30.9251196S\",\"correlationId\":\"c597ecec-9f6e-48a5-b6be-f232844c0fd6\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoff3r2fvm\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentslp6itj4eskjyvm4a4qgt\",\"name\":\"azure-cli-subscription_level_deploymentslp6itj4eskjyvm4a4qgt\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemolhhd5a7s\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-10-12T13:07:57.3419099Z\",\"duration\":\"PT35.0239998S\",\"correlationId\":\"bcfdb3dd-1dc3-4d00-8cda-a868bd0aeed2\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemolhhd5a7s\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthb47xnhlldf2rqb2nfpht\",\"name\":\"azure-cli-subscription_level_deploymenthb47xnhlldf2rqb2nfpht\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoahur6yn5\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-28T17:14:26.4948934Z\",\"duration\":\"PT31.2277817S\",\"correlationId\":\"de3ac222-2b71-4ff9-8b51-fd2ef618a867\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoahur6yn5\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymento2sqcl7fjq7satzpmmzsh\",\"name\":\"azure-cli-subscription_level_deploymento2sqcl7fjq7satzpmmzsh\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo3pdzixnp\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-28T17:11:50.9259137Z\",\"duration\":\"PT31.4115568S\",\"correlationId\":\"29f17f56-c4b4-4285-9aac-f278105fd667\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo3pdzixnp\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment77wbjmoaj55gqugwy6gey\",\"name\":\"azure-cli-subscription_level_deployment77wbjmoaj55gqugwy6gey\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoknyeibzk\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-26T15:40:40.452254Z\",\"duration\":\"PT32.0441099S\",\"correlationId\":\"cd575747-fd5a-40f1-b866-c62c482d8881\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoknyeibzk\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentldzaesyxpblswqvd6lctn\",\"name\":\"azure-cli-subscription_level_deploymentldzaesyxpblswqvd6lctn\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemopyupncud\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-26T15:37:33.3444058Z\",\"duration\":\"PT34.7600055S\",\"correlationId\":\"cc1ca69e-ed92-429e-9edb-f188541e3448\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemopyupncud\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenthx6tdczws2i43r47zjznj\",\"name\":\"azure-cli-subscription_level_deploymenthx6tdczws2i43r47zjznj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemouhciwzba\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-25T20:25:54.3910017Z\",\"duration\":\"PT35.4671695S\",\"correlationId\":\"6c2d82cf-545c-49f7-bc66-cbfc35d816d9\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemouhciwzba\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwzts3rw5kfags3nkkknfl\",\"name\":\"azure-cli-subscription_level_deploymentwzts3rw5kfags3nkkknfl\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemos7bfu3lw\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-25T20:22:59.4623502Z\",\"duration\":\"PT41.2073051S\",\"correlationId\":\"6b7f0283-cf84-465a-8598-67db0a34ee3b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemos7bfu3lw\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment4nabp3xuz3klmeqcgxpia\",\"name\":\"azure-cli-subscription_level_deployment4nabp3xuz3klmeqcgxpia\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemooo4f5vk5\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-18T19:42:44.4324159Z\",\"duration\":\"PT36.2681426S\",\"correlationId\":\"2cfb0f69-0914-4d22-b0df-48880f585882\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemooo4f5vk5\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd3751\",\"name\":\"csmd3751\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"tags\":{\"tagKey1\":\"tagValue1\"},\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1803\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-15T01:27:21.4686527Z\",\"duration\":\"PT48.5308794S\",\"correlationId\":\"45ccc9df-f97b-4c52-98df-66012e2c05ab\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd8514\",\"name\":\"csmd8514\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"tags\":{\"tagKey1\":\"tagValue1\"},\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1803\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-14T09:53:53.1203438Z\",\"duration\":\"PT40.8206612S\",\"correlationId\":\"ff3fff13-926b-4cf3-a090-ed7bb4b6d0e3\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd700\",\"name\":\"csmd700\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"tags\":{\"tagKey1\":\"tagValue1\"},\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1803\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-14T09:45:08.5594938Z\",\"duration\":\"PT47.0072844S\",\"correlationId\":\"17191fe7-f842-4c85-a40d-99ec91b741e3\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd7541\",\"name\":\"csmd7541\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"tags\":{\"tagKey1\":\"tagValue1\"},\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1803\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-14T09:10:55.4991831Z\",\"duration\":\"PT38.215079S\",\"correlationId\":\"2b38e4db-0c10-4fd7-802b-300967fe525c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/armbuilddemo1803\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentszof7w2ssvbn7u2lhpflg\",\"name\":\"azure-cli-subscription_level_deploymentszof7w2ssvbn7u2lhpflg\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemotdv7apam\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-08-28T09:08:20.0379649Z\",\"duration\":\"PT1M1.3476761S\",\"correlationId\":\"54464f60-409f-4738-8011-1fab3e235027\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemotdv7apam\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjs47cmthd7p6ubpely4li\",\"name\":\"azure-cli-subscription_level_deploymentjs47cmthd7p6ubpely4li\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemoj7ttfpav\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-08-28T08:25:48.8304143Z\",\"duration\":\"PT53.8448205S\",\"correlationId\":\"6b7feda0-99f3-42a0-97de-37c8f839d94b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemoj7ttfpav\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjfa4b5x5n7nlzbbu2sq35\",\"name\":\"azure-cli-subscription_level_deploymentjfa4b5x5n7nlzbbu2sq35\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-08-18T11:01:22.6749577Z\",\"duration\":\"PT33.1443174S\",\"correlationId\":\"5a0a4dd3-ad23-4724-967a-2890134c3e6e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployments2h5xpgheb2bnerrlisp2\",\"name\":\"azure-cli-subscription_level_deployments2h5xpgheb2bnerrlisp2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-08-17T07:40:17.4925876Z\",\"duration\":\"PT34.7434411S\",\"correlationId\":\"4e06af9c-be10-4dbd-a694-e85aa9d37066\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymente6gzvteka3jvnjbuppe7x\",\"name\":\"azure-cli-subscription_level_deploymente6gzvteka3jvnjbuppe7x\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-08-14T19:48:28.7376171Z\",\"duration\":\"PT55.1788356S\",\"correlationId\":\"d36d4373-b7d1-4a7b-ad0a-f1ade9479764\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment73lfdwunsvnur7wkpnyvg\",\"name\":\"azure-cli-subscription_level_deployment73lfdwunsvnur7wkpnyvg\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-25T01:18:22.0158901Z\",\"duration\":\"PT38.859889S\",\"correlationId\":\"56b5ec80-8fb1-4ac7-a941-9d23108e975c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment54xy2jdhbuyg7mnm4ciiw\",\"name\":\"azure-cli-subscription_level_deployment54xy2jdhbuyg7mnm4ciiw\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-25T01:15:11.0769517Z\",\"duration\":\"PT37.4332934S\",\"correlationId\":\"63512c1a-36d1-4d37-a999-f9e1c1ec42f0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgs7sfvatdpwp2mttgmabj\",\"name\":\"azure-cli-subscription_level_deploymentgs7sfvatdpwp2mttgmabj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-18T01:14:53.1821199Z\",\"duration\":\"PT39.986168S\",\"correlationId\":\"953c02a4-3558-4e12-be57-f8ac6b4b8e97\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment6xdmccreoaijqtxgvw3ue\",\"name\":\"azure-cli-subscription_level_deployment6xdmccreoaijqtxgvw3ue\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-18T01:11:41.4984238Z\",\"duration\":\"PT35.3309029S\",\"correlationId\":\"37356d12-177a-4019-8fe3-bccae8bf7de7\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuy2smi7tpgsqwiwxifuol\",\"name\":\"azure-cli-subscription_level_deploymentuy2smi7tpgsqwiwxifuol\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-15T16:18:34.6883167Z\",\"duration\":\"PT38.1736667S\",\"correlationId\":\"e9fb85b9-7cbb-4559-b674-e2283faa1d23\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentntyf7lcqbacmlyyzteiei\",\"name\":\"azure-cli-subscription_level_deploymentntyf7lcqbacmlyyzteiei\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-14T09:27:59.0873879Z\",\"duration\":\"PT39.2054954S\",\"correlationId\":\"1f1a46eb-58fc-4bb3-ba9a-959686ac57c4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentoty225tribntevn5j46fs\",\"name\":\"azure-cli-subscription_level_deploymentoty225tribntevn5j46fs\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-11T01:17:46.7282712Z\",\"duration\":\"PT31.2050304S\",\"correlationId\":\"218613db-e5df-4d01-8b52-74931afe3bf0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentwo64k5giic4zvgbv3lqxc\",\"name\":\"azure-cli-subscription_level_deploymentwo64k5giic4zvgbv3lqxc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-11T01:14:57.087343Z\",\"duration\":\"PT41.7812905S\",\"correlationId\":\"71160e66-a113-4e31-8748-2f7301208ee1\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentgfcwlr7536i37xhlg3wpc\",\"name\":\"azure-cli-subscription_level_deploymentgfcwlr7536i37xhlg3wpc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-04T01:14:30.1792929Z\",\"duration\":\"PT36.3043492S\",\"correlationId\":\"6f747df4-e893-4b97-ab07-8f2966218b32\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbg7bzt57n3pb3znbep4cz\",\"name\":\"azure-cli-subscription_level_deploymentbg7bzt57n3pb3znbep4cz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-07-04T01:11:27.3594183Z\",\"duration\":\"PT38.601173S\",\"correlationId\":\"6b2e6ba0-0e27-4cc2-8abe-be77332760fa\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentotsc4xz6itgqemrmtocap\",\"name\":\"azure-cli-subscription_level_deploymentotsc4xz6itgqemrmtocap\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-05-26T10:35:26.5203853Z\",\"duration\":\"PT41.9017154S\",\"correlationId\":\"f651207c-5bd6-4983-862a-ebb0a753f245\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentxtibmvss7ds24mvau52eu\",\"name\":\"azure-cli-subscription_level_deploymentxtibmvss7ds24mvau52eu\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-05-26T10:02:38.5322293Z\",\"duration\":\"PT1M5.7028117S\",\"correlationId\":\"f8c789b7-2233-4c67-acfe-795cd3189ffb\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv4vdegmfbmgc37qhyx5fs\",\"name\":\"azure-cli-subscription_level_deploymentv4vdegmfbmgc37qhyx5fs\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-15T07:10:38.6476468Z\",\"duration\":\"PT45.337928S\",\"correlationId\":\"4e448478-7f3c-49ec-b0f9-1899fe7b59e2\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentacetv5z3ugsqi6jal2pf3\",\"name\":\"azure-cli-subscription_level_deploymentacetv5z3ugsqi6jal2pf3\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"13231341667663423384\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-15T06:42:51.1979236Z\",\"duration\":\"PT2M11.2418549S\",\"correlationId\":\"eaee1853-4fa2-4ddd-82c0-1a726ec539cf\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested6\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenty42addrvpmrkkjkyt4lpc\",\"name\":\"azure-cli-subscription_level_deploymenty42addrvpmrkkjkyt4lpc\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"11988132718221257316\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-08T05:31:36.9190021Z\",\"duration\":\"PT1M7.2332434S\",\"correlationId\":\"6bffc212-c910-4e4e-9b9f-a4ee936c7e39\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested5\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentzsmyaxu256s4zfevzuwu2\",\"name\":\"azure-cli-subscription_level_deploymentzsmyaxu256s4zfevzuwu2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"11988132718221257316\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-08T04:48:55.7968005Z\",\"duration\":\"PT59.6620052S\",\"correlationId\":\"10f0f6a3-873a-4b8e-95c9-bf02b23ae002\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested5\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested5\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentuokevvrrdxlask2pvfowe\",\"name\":\"azure-cli-subscription_level_deploymentuokevvrrdxlask2pvfowe\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-08T02:19:48.5501298Z\",\"duration\":\"PT1M37.640817S\",\"correlationId\":\"f38b191c-48ae-4614-8257-d217c7d62746\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenth7vtbk6t5qbfomrtt2zbi\",\"name\":\"azure-cli-subscription_level_deploymenth7vtbk6t5qbfomrtt2zbi\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-07T10:07:47.2843948Z\",\"duration\":\"PT50.5957411S\",\"correlationId\":\"f635b163-24b2-4419-9b48-ee06ee594ca9\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv6th2ulv2anxuvif6pxig\",\"name\":\"azure-cli-subscription_level_deploymentv6th2ulv2anxuvif6pxig\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"418421955430290883\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T05:00:18.7360016Z\",\"duration\":\"PT2M37.2566618S\",\"correlationId\":\"a910e357-bb6e-484a-b4c5-b24b74015965\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested4\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentyvq23vdkvlxsykalpvfba\",\"name\":\"azure-cli-subscription_level_deploymentyvq23vdkvlxsykalpvfba\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"418421955430290883\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T04:02:32.9606413Z\",\"duration\":\"PT1M16.5783883S\",\"correlationId\":\"a3ec32c3-08bc-43a6-86f5-8c888bed1a40\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested4\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentsftahh2gosfv6im2b3d24\",\"name\":\"azure-cli-subscription_level_deploymentsftahh2gosfv6im2b3d24\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"418421955430290883\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T03:56:41.4131431Z\",\"duration\":\"PT1M55.7016047S\",\"correlationId\":\"dc625047-c6d2-402b-8b61-5230550b910f\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested4\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentbbp5b7lno4nb3zntusljp\",\"name\":\"azure-cli-subscription_level_deploymentbbp5b7lno4nb3zntusljp\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"418421955430290883\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T03:54:25.3007197Z\",\"duration\":\"PT1M49.5323412S\",\"correlationId\":\"2aa43124-6e6e-4fc1-9033-af2f28b8e484\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested4\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested4\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2bdvipler5d2eaq7xs72i\",\"name\":\"azure-cli-subscription_level_deployment2bdvipler5d2eaq7xs72i\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T03:45:53.7898261Z\",\"duration\":\"PT39.3899081S\",\"correlationId\":\"6429126c-3e88-4e5d-8699-e93f38ed11f0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentv2bz5wtzmn2fm64e3xcuf\",\"name\":\"azure-cli-subscription_level_deploymentv2bz5wtzmn2fm64e3xcuf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T03:44:52.0062377Z\",\"duration\":\"PT1M16.9524018S\",\"correlationId\":\"94f39d07-7ed9-4418-bb9d-298ba37896df\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymenth5sic3gxdwcw7aurayd3n\",\"name\":\"azure-cli-subscription_level_deploymenth5sic3gxdwcw7aurayd3n\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-04-03T03:07:26.8636099Z\",\"duration\":\"PT1M44.6396682S\",\"correlationId\":\"f1c3db0b-dcbb-4d72-ba28-90df19dbd4fe\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2mgliofjcdscllog3qlb7\",\"name\":\"azure-cli-subscription_level_deployment2mgliofjcdscllog3qlb7\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-18T03:43:16.6752107Z\",\"duration\":\"PT2M8.0000393S\",\"correlationId\":\"8c9c95c2-0245-430a-8a95-9f93a9a0472d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2egmp5fntu34jbg7h62hl\",\"name\":\"azure-cli-subscription_level_deployment2egmp5fntu34jbg7h62hl\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-18T03:31:14.0970699Z\",\"duration\":\"PT2M25.2416658S\",\"correlationId\":\"c7f01194-cfaf-4e29-b3f2-f767c4551f14\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentjhqy6kk6d5rayzyrnxwgz\",\"name\":\"azure-cli-subscription_level_deploymentjhqy6kk6d5rayzyrnxwgz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12156591585820873159\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-18T03:24:14.6191082Z\",\"duration\":\"PT1M26.7430068S\",\"correlationId\":\"59a0788b-42ca-4202-b8d4-7b3c4267b7a1\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/simple-template\",\"name\":\"simple-template\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"14792193588386932643\",\"parameters\":{\"nestedRGName\":{\"type\":\"String\",\"value\":\"zhoxing-test\xC4\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-11T04:00:18.0176769Z\",\"duration\":\"PT45.1518854S\",\"correlationId\":\"e0e4490f-0eef-4613-8b0c-a70d17d7b680\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/zhoxing-test\xC4\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment2lv6omcdqanzy2udxgtye\",\"name\":\"azure-cli-subscription_level_deployment2lv6omcdqanzy2udxgtye\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"15484027130492544714\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-04T16:03:39.2858189Z\",\"duration\":\"PT3M29.7007437S\",\"correlationId\":\"ba0eca1d-9636-4a69-ab7f-515691c355f4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment7oilx3sfxhvqxp2w2upmz\",\"name\":\"azure-cli-subscription_level_deployment7oilx3sfxhvqxp2w2upmz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"15484027130492544714\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18221\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-04T13:59:35.0226259Z\",\"duration\":\"PT2M28.41037S\",\"correlationId\":\"ade1e2d5-c2f8-4a05-a9cb-0dd2162870bd\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18221\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentewzabsj3grdksbjcluzgn\",\"name\":\"azure-cli-subscription_level_deploymentewzabsj3grdksbjcluzgn\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"15484027130492544714\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18224\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-04T13:38:52.678036Z\",\"duration\":\"PT2M23.2895434S\",\"correlationId\":\"b238c172-bfd7-4161-9039-23ad90c92386\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18224\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deploymentemgk7bur7h3pngvml55ph\",\"name\":\"azure-cli-subscription_level_deploymentemgk7bur7h3pngvml55ph\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"15484027130492544714\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo18223\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-03-04T13:32:02.6178791Z\",\"duration\":\"PT2M30.6506289S\",\"correlationId\":\"ceb034eb-715a-4120-992b-a1da22763016\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"westus\"]},{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"},{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\",\"resourceType\":\"Microsoft.Resources/resourceGroups\",\"resourceName\":\"cli_test_subscription_level_deployment\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested3\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"rg-nested3\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo18223\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-parametersploymenthmxm57ur254xtzpcyvdqii\",\"name\":\"azure-cli-sub-level-parametersploymenthmxm57ur254xtzpcyvdqii\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"11027062374577539273\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-02-20T11:56:50.4004282Z\",\"duration\":\"PT49.4913139S\",\"correlationId\":\"1935fdba-6ff6-49ff-812f-790121d19277\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-parametersploymentgehmucl4rvwm2eyejciwff\",\"name\":\"azure-cli-sub-level-parametersploymentgehmucl4rvwm2eyejciwff\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"11027062374577539273\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-02-20T11:52:20.8694248Z\",\"duration\":\"PT2M13.6605864S\",\"correlationId\":\"f6db6de9-5c0b-4b8d-be0a-8131a9797e41\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azuredeploy\",\"name\":\"azuredeploy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"12355051252284347413\",\"parameters\":{},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-01-19T02:10:16.9396307Z\",\"duration\":\"PT7.2726623S\",\"correlationId\":\"70bd0210-5251-4197-aea6-58d37fe47a9c\",\"providers\":[],\"dependencies\":[],\"outputs\":{},\"outputResources\":[]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/PS-SimpleBlueprintDefinition\",\"name\":\"PS-SimpleBlueprintDefinition\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"15210439517227196476\",\"parameters\":{},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-02-25T22:16:53.2851897Z\",\"duration\":\"PT15.2258878S\",\"correlationId\":\"c876d422-d25e-432c-8894-0360de146e27\",\"providers\":[{\"namespace\":\"Microsoft.Blueprint\",\"resourceTypes\":[{\"resourceType\":\"blueprints\",\"locations\":[null]},{\"resourceType\":\"blueprints/versions\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition\",\"resourceType\":\"Microsoft.Blueprint/blueprints\",\"resourceName\":\"PS-SimpleBlueprintDefinition\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition/versions/v1\",\"resourceType\":\"Microsoft.Blueprint/blueprints/versions\",\"resourceName\":\"PS-SimpleBlueprintDefinition/v1\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprintDefinition/versions/v1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/PS-SimpleBlueprint\",\"name\":\"PS-SimpleBlueprint\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"1748951007796543009\",\"parameters\":{},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-02-25T22:10:02.2696877Z\",\"duration\":\"PT18.1526746S\",\"correlationId\":\"ea58b179-ccd8-4a54-bb60-16fab3d1a3a8\",\"providers\":[{\"namespace\":\"Microsoft.Blueprint\",\"resourceTypes\":[{\"resourceType\":\"blueprints\",\"locations\":[null]},{\"resourceType\":\"blueprints/versions\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint\",\"resourceType\":\"Microsoft.Blueprint/blueprints\",\"resourceName\":\"PS-SimpleBlueprint\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint/versions/v1\",\"resourceType\":\"Microsoft.Blueprint/blueprints/versions\",\"resourceName\":\"PS-SimpleBlueprint/v1\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprints/PS-SimpleBlueprint/versions/v1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenti7d65nxm3t\",\"name\":\"azure-cli-sub-level-deploymenti7d65nxm3t\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-12T06:50:15.4230349Z\",\"duration\":\"PT44.6818179S\",\"correlationId\":\"fe33450e-83fa-4592-842e-054d6a817a30\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcjv5npvl4l\",\"name\":\"azure-cli-sub-level-deploymentcjv5npvl4l\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-11T06:47:41.7368215Z\",\"duration\":\"PT28.5732397S\",\"correlationId\":\"73583652-1870-4893-b580-f25b64615be6\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentza6vygg3la\",\"name\":\"azure-cli-sub-level-deploymentza6vygg3la\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-10T06:48:36.4510764Z\",\"duration\":\"PT47.7938165S\",\"correlationId\":\"0d2d7f66-dba8-4962-b7fc-75530469373c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentusj6ztwcof\",\"name\":\"azure-cli-sub-level-deploymentusj6ztwcof\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-09T06:48:21.2908079Z\",\"duration\":\"PT19.7544924S\",\"correlationId\":\"6e9957c9-1ad6-4e7e-bfc3-6267f3668fdf\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttyrue4amsp\",\"name\":\"azure-cli-sub-level-deploymenttyrue4amsp\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-08T06:49:47.6352578Z\",\"duration\":\"PT39.8629146S\",\"correlationId\":\"e430bcb5-6a45-4671-aebf-2eaa4221456c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymento62gv3hid6\",\"name\":\"azure-cli-sub-level-deploymento62gv3hid6\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-05T06:52:40.9250878Z\",\"duration\":\"PT23.9253758S\",\"correlationId\":\"5d34f77f-2e01-480a-9a5e-515a6eb273b0\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentpnpnozhakz\",\"name\":\"azure-cli-sub-level-deploymentpnpnozhakz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-04T06:48:35.445234Z\",\"duration\":\"PT15.1739397S\",\"correlationId\":\"7ab8b6a2-d3fb-49b9-9d5a-c07b6d762cc8\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlnwmaa3ze5\",\"name\":\"azure-cli-sub-level-deploymentlnwmaa3ze5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-03T06:51:43.300224Z\",\"duration\":\"PT38.3051879S\",\"correlationId\":\"2831bf49-d1ce-4079-8e3f-17bccbe0422a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsissuasqxe\",\"name\":\"azure-cli-sub-level-deploymentsissuasqxe\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-02T06:45:39.0982672Z\",\"duration\":\"PT20.9519184S\",\"correlationId\":\"2d05e491-c50e-453c-8f8c-f8fc4dd343e9\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzm4di66nja\",\"name\":\"azure-cli-sub-level-deploymentzm4di66nja\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2019-01-01T06:47:40.377996Z\",\"duration\":\"PT55.4858159S\",\"correlationId\":\"69a3ff48-6324-49ec-a6dd-1ead68ebc7e8\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2yle5khexf\",\"name\":\"azure-cli-sub-level-deployment2yle5khexf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-29T06:47:59.8655323Z\",\"duration\":\"PT53.6236685S\",\"correlationId\":\"7bb3a203-c511-4647-a430-d3606266d7df\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkhzsirwvrb\",\"name\":\"azure-cli-sub-level-deploymentkhzsirwvrb\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-28T06:48:06.1877844Z\",\"duration\":\"PT23.4869331S\",\"correlationId\":\"797f952f-3746-474f-9996-27c0f260ee6b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentyomx2vyroy\",\"name\":\"azure-cli-sub-level-deploymentyomx2vyroy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-27T06:51:26.621804Z\",\"duration\":\"PT52.2258559S\",\"correlationId\":\"a71fb5af-8c60-477c-a092-e02c7f806da4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment7gyhguqrsl\",\"name\":\"azure-cli-sub-level-deployment7gyhguqrsl\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-26T06:49:48.4697615Z\",\"duration\":\"PT27.8042956S\",\"correlationId\":\"db456762-a0c2-4029-8e1d-ff96c44a88c6\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment7kmpk54kh5\",\"name\":\"azure-cli-sub-level-deployment7kmpk54kh5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-25T06:49:34.8281707Z\",\"duration\":\"PT49.1259625S\",\"correlationId\":\"6d73a25f-480b-49e5-bd0e-b77d012d254f\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentabdqpmkgkh\",\"name\":\"azure-cli-sub-level-deploymentabdqpmkgkh\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-22T06:49:19.0744339Z\",\"duration\":\"PT45.5726481S\",\"correlationId\":\"edcb5a76-f276-4e5a-acc7-7271792a1b8a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment76ntcpnkil\",\"name\":\"azure-cli-sub-level-deployment76ntcpnkil\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-21T06:51:24.7881961Z\",\"duration\":\"PT1M7.5710523S\",\"correlationId\":\"4c655ad4-140b-4026-bff3-d590be6168b1\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttm2i4gmzgy\",\"name\":\"azure-cli-sub-level-deploymenttm2i4gmzgy\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-20T06:48:52.680939Z\",\"duration\":\"PT57.8149837S\",\"correlationId\":\"a4b430c8-b998-440a-ae72-23ef472f698e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlzvp3pmyhn\",\"name\":\"azure-cli-sub-level-deploymentlzvp3pmyhn\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-18T06:49:10.9340289Z\",\"duration\":\"PT48.1623275S\",\"correlationId\":\"29240ba6-0e05-42a3-9b75-281a64f704c8\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkjycb6aqpr\",\"name\":\"azure-cli-sub-level-deploymentkjycb6aqpr\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-15T06:49:28.0655727Z\",\"duration\":\"PT19.7231992S\",\"correlationId\":\"5bb75b1f-03c0-4194-90f8-99a220c95f9b\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlbvb2wi2xh\",\"name\":\"azure-cli-sub-level-deploymentlbvb2wi2xh\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-14T06:49:38.4395168Z\",\"duration\":\"PT21.1646064S\",\"correlationId\":\"24d0ec50-015e-4a52-99a0-b789e1a211e3\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentumilqewj47\",\"name\":\"azure-cli-sub-level-deploymentumilqewj47\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-13T06:48:22.5537874Z\",\"duration\":\"PT46.7762391S\",\"correlationId\":\"f0724e6f-a023-4c0d-b248-49d92cfd64bd\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbmrq2xg4fp\",\"name\":\"azure-cli-sub-level-deploymentbmrq2xg4fp\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-12T06:49:47.1418295Z\",\"duration\":\"PT21.7891671S\",\"correlationId\":\"2d53019e-fac5-49f1-a779-e3fc0e891a77\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6adnri7b5v\",\"name\":\"azure-cli-sub-level-deployment6adnri7b5v\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-11T06:47:40.1991064Z\",\"duration\":\"PT39.2368339S\",\"correlationId\":\"776070eb-ef8f-4d62-b232-38be044f6607\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentxy26cq24q3\",\"name\":\"azure-cli-sub-level-deploymentxy26cq24q3\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-08T06:47:44.1940826Z\",\"duration\":\"PT54.3428216S\",\"correlationId\":\"f2ed708b-727f-4ec2-8ce7-bab46cb485b1\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsgmhgi2rph\",\"name\":\"azure-cli-sub-level-deploymentsgmhgi2rph\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-07T06:55:32.0052896Z\",\"duration\":\"PT18.4907246S\",\"correlationId\":\"47d7fc91-a4fa-4c39-b40c-47196c3e6fe4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment4jggtwgj65\",\"name\":\"azure-cli-sub-level-deployment4jggtwgj65\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-06T06:50:34.0727401Z\",\"duration\":\"PT46.0817096S\",\"correlationId\":\"c51bafe2-95fb-4ec0-a680-aa9b5d9888de\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjyfvnevxfk\",\"name\":\"azure-cli-sub-level-deploymentjyfvnevxfk\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-05T06:48:00.3703164Z\",\"duration\":\"PT22.5787305S\",\"correlationId\":\"6e462015-4541-42f3-ad8a-c5b3231c013e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentherzbpxbwa\",\"name\":\"azure-cli-sub-level-deploymentherzbpxbwa\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-04T06:48:41.9665699Z\",\"duration\":\"PT45.3184878S\",\"correlationId\":\"aaa363df-6fd7-4d3a-9c95-a03f45a40b84\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3upq4x7nal\",\"name\":\"azure-cli-sub-level-deployment3upq4x7nal\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-12-01T06:54:59.5692621Z\",\"duration\":\"PT1M2.8673681S\",\"correlationId\":\"77617ff1-fbb0-4b8c-bc27-a72d8bd19692\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmajzywuipg\",\"name\":\"azure-cli-sub-level-deploymentmajzywuipg\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-29T06:49:56.1355228Z\",\"duration\":\"PT18.5586711S\",\"correlationId\":\"0135a894-49ec-486f-94d7-e049f6835d92\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthzu75ehotl\",\"name\":\"azure-cli-sub-level-deploymenthzu75ehotl\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-28T06:54:31.3636196Z\",\"duration\":\"PT21.7646735S\",\"correlationId\":\"d0409a6f-f9d2-4821-8bfc-35569cb26c07\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcixag76wpi\",\"name\":\"azure-cli-sub-level-deploymentcixag76wpi\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-28T06:47:54.4819102Z\",\"duration\":\"PT49.5990759S\",\"correlationId\":\"00fcbf8c-9799-43c4-a5e1-6fb323943d3c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzdomzmaunj\",\"name\":\"azure-cli-sub-level-deploymentzdomzmaunj\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-24T06:46:18.3575714Z\",\"duration\":\"PT21.2638784S\",\"correlationId\":\"a3abd118-c028-46fa-b35b-f8d72a9e28e7\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbdmygd55ui\",\"name\":\"azure-cli-sub-level-deploymentbdmygd55ui\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-23T06:51:26.8493783Z\",\"duration\":\"PT38.3730282S\",\"correlationId\":\"56862b0b-92d8-49a6-8857-d73702b3ae04\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentvqjmyojnoh\",\"name\":\"azure-cli-sub-level-deploymentvqjmyojnoh\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-22T06:47:58.6499457Z\",\"duration\":\"PT19.2389777S\",\"correlationId\":\"8f6d4bec-43ae-4a04-a010-7fad3c93c1d1\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentanqbwjidmd\",\"name\":\"azure-cli-sub-level-deploymentanqbwjidmd\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-21T06:50:16.3587706Z\",\"duration\":\"PT42.2312927S\",\"correlationId\":\"275c4e6a-9263-40ac-aec0-c35c42372115\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentutoohbrsg2\",\"name\":\"azure-cli-sub-level-deploymentutoohbrsg2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-17T06:51:40.7433949Z\",\"duration\":\"PT46.3913841S\",\"correlationId\":\"426a2189-1559-4f3b-af8c-1c0f22a9df80\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbmssoycrel\",\"name\":\"azure-cli-sub-level-deploymentbmssoycrel\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-16T06:50:38.0685171Z\",\"duration\":\"PT22.5914351S\",\"correlationId\":\"8ddca7a0-09b6-4514-9f00-96f2396016c8\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthmmkdzlyly\",\"name\":\"azure-cli-sub-level-deploymenthmmkdzlyly\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-15T06:49:44.4751665Z\",\"duration\":\"PT48.6570991S\",\"correlationId\":\"05da3fe2-daa9-4b48-b1f9-3658e2102d58\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzanp25wey3\",\"name\":\"azure-cli-sub-level-deploymentzanp25wey3\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-14T06:44:35.8607273Z\",\"duration\":\"PT21.1730374S\",\"correlationId\":\"c4eb23e3-ae60-44fc-8f0a-c2ac842a256e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentrhyu5dapwd\",\"name\":\"azure-cli-sub-level-deploymentrhyu5dapwd\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-13T06:47:36.5340532Z\",\"duration\":\"PT25.903135S\",\"correlationId\":\"b4734951-acd6-44cc-86bc-8f87048f870a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentahpbeth2ia\",\"name\":\"azure-cli-sub-level-deploymentahpbeth2ia\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-12T23:46:21.0026408Z\",\"duration\":\"PT25.8854758S\",\"correlationId\":\"53877b01-10c2-456a-b412-5609237c19b8\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzifpcxirzz\",\"name\":\"azure-cli-sub-level-deploymentzifpcxirzz\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-12T18:20:05.7009206Z\",\"duration\":\"PT49.2905804S\",\"correlationId\":\"ec1e269f-4aed-4470-92ab-449a70ccce32\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentpyfzwgzdao\",\"name\":\"azure-cli-sub-level-deploymentpyfzwgzdao\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-10T06:48:35.2459599Z\",\"duration\":\"PT44.281308S\",\"correlationId\":\"e1dd9ef5-3499-4fd2-888e-74937885d87a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzhhuamiqxd\",\"name\":\"azure-cli-sub-level-deploymentzhhuamiqxd\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-10T00:40:45.1359617Z\",\"duration\":\"PT23.0441909S\",\"correlationId\":\"29a04b6e-3e3f-444d-953b-ea1f10f2f56e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5nghjlwuv7\",\"name\":\"azure-cli-sub-level-deployment5nghjlwuv7\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-09T21:23:46.3959518Z\",\"duration\":\"PT16.3467698S\",\"correlationId\":\"3664415a-2b4e-4f79-9eb4-c1357654e7e3\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnsjomvm4a4\",\"name\":\"azure-cli-sub-level-deploymentnsjomvm4a4\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-09T17:51:24.3978864Z\",\"duration\":\"PT47.4228897S\",\"correlationId\":\"8a14b1bf-eff4-49c3-a722-856c00c55a58\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthdino2qhw2\",\"name\":\"azure-cli-sub-level-deploymenthdino2qhw2\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-09T06:50:43.8638694Z\",\"duration\":\"PT17.9450763S\",\"correlationId\":\"d5d11978-8f05-465c-94c6-c3aa9f53e85e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenteeyu6vr64h\",\"name\":\"azure-cli-sub-level-deploymenteeyu6vr64h\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-09T01:13:07.0418924Z\",\"duration\":\"PT31.6475766S\",\"correlationId\":\"198599b4-f567-4f17-8911-726136fbf20a\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentaswgfktart\",\"name\":\"azure-cli-sub-level-deploymentaswgfktart\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-08T22:48:38.6740786Z\",\"duration\":\"PT21.3715216S\",\"correlationId\":\"0be9eab7-a1a1-4e1d-8d7f-c726065c8c20\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzcvyllkiqu\",\"name\":\"azure-cli-sub-level-deploymentzcvyllkiqu\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-08T06:48:05.2097744Z\",\"duration\":\"PT24.6168851S\",\"correlationId\":\"89cf5ed4-37d6-478d-96ad-2b29a2f22c99\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentkgc7byrmzd\",\"name\":\"azure-cli-sub-level-deploymentkgc7byrmzd\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-07T22:14:48.4235438Z\",\"duration\":\"PT39.6039852S\",\"correlationId\":\"47d0a978-7c5e-4f4e-b691-6923fc065481\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbcyqoazsph\",\"name\":\"azure-cli-sub-level-deploymentbcyqoazsph\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-07T06:47:04.4700084Z\",\"duration\":\"PT20.2356661S\",\"correlationId\":\"2ed82723-0526-4085-90c9-2c53ad1ff34e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5asmbdfzah\",\"name\":\"azure-cli-sub-level-deployment5asmbdfzah\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-06T06:48:57.4506284Z\",\"duration\":\"PT43.4822401S\",\"correlationId\":\"2f11da9f-ae7e-40b3-aa8d-162a9670ad6c\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentqghy6t3gt5\",\"name\":\"azure-cli-sub-level-deploymentqghy6t3gt5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-03T05:43:30.4048259Z\",\"duration\":\"PT42.9937988S\",\"correlationId\":\"48e8f7b2-8cc9-40ce-af49-1b068a10c776\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcagla5kdqu\",\"name\":\"azure-cli-sub-level-deploymentcagla5kdqu\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-02T05:47:29.0436719Z\",\"duration\":\"PT26.8131667S\",\"correlationId\":\"ba331dd9-a960-4846-a263-184cf90054cd\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmvsqbla577\",\"name\":\"azure-cli-sub-level-deploymentmvsqbla577\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-11-01T05:49:33.9985261Z\",\"duration\":\"PT40.1362896S\",\"correlationId\":\"fcf42602-0aa3-4b28-af24-624854744aaf\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentseoyvxhak5\",\"name\":\"azure-cli-sub-level-deploymentseoyvxhak5\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-10-31T05:48:05.3014978Z\",\"duration\":\"PT19.8033357S\",\"correlationId\":\"b67e6f8b-d7d8-416f-a502-848e1e0c164e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentu3gdrlzd5d\",\"name\":\"azure-cli-sub-level-deploymentu3gdrlzd5d\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-10-30T05:44:57.6174287Z\",\"duration\":\"PT16.8782912S\",\"correlationId\":\"69e5aa7d-2d77-45b5-9e8a-be12dcae1b7d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2zqftmddw4\",\"name\":\"azure-cli-sub-level-deployment2zqftmddw4\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-10-30T05:36:56.5047748Z\",\"duration\":\"PT46.9192421S\",\"correlationId\":\"06a9484a-12b6-4f18-8266-f0ee2e8b029e\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentx2vtxykrhf\",\"name\":\"azure-cli-sub-level-deploymentx2vtxykrhf\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-10-27T05:44:34.9709042Z\",\"duration\":\"PT25.2865331S\",\"correlationId\":\"37e240e2-bc91-417e-8384-ca79890220c5\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentousoo24n5r\",\"name\":\"azure-cli-sub-level-deploymentousoo24n5r\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus\",\"properties\":{\"templateHash\":\"7040894817952224509\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"armbuilddemo1809\"},\"nestedRGName\":{\"type\":\"String\",\"value\":\"cli_test_subscription_level_deployment\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2018-10-26T19:01:35.0241599Z\",\"duration\":\"PT39.0180906S\",\"correlationId\":\"f9126dc3-5233-4936-b549-421c5ae570d4\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/721e5120-64f0-40d6-837c-835145bd1879\",\"name\":\"721e5120-64f0-40d6-837c-835145bd1879\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"eastus2\",\"properties\":{\"templateHash\":\"17205502901608728771\",\"parameters\":{\"resourceGroupApiVersion\":{\"type\":\"String\",\"value\":\"2019-10-01\"},\"rgName\":{\"type\":\"String\",\"value\":\"houk-rg-eastus-eastus2\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"eastus2\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-12-10T05:36:03.0957161Z\",\"duration\":\"PT0.6736832S\",\"correlationId\":\"d7c0d35d-74d7-417d-8148-bf88d707925c\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"eastus2\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/houk-rg-eastus-eastus2\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd9393\",\"name\":\"csmd9393\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus2\",\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"whatifnetsdktest1\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-15T03:01:50.3547443Z\",\"duration\":\"PT43.4742772S\",\"correlationId\":\"8107b599-ee35-44f3-b252-5d2130296c0d\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd5863\",\"name\":\"csmd5863\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus2\",\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"whatifnetsdktest1\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-09-15T02:21:59.7091482Z\",\"duration\":\"PT45.9444376S\",\"correlationId\":\"7572ecc9-67a8-49c3-b0ba-90a5bb68aabc\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd1329\",\"name\":\"csmd1329\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus2\",\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"whatifnetsdktest1\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-05-27T01:15:57.7133517Z\",\"duration\":\"PT18.4322744S\",\"correlationId\":\"463d3ff5-f377-41db-b535-3cc7254750b5\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd4557\",\"name\":\"csmd4557\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus2\",\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"whatifnetsdktest1\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-05-27T01:00:15.5783259Z\",\"duration\":\"PT19.3169344S\",\"correlationId\":\"5fda15dd-f266-4c88-bff1-71ccc06e094f\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/csmd2223\",\"name\":\"csmd2223\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"westus2\",\"properties\":{\"templateHash\":\"6720373025847754913\",\"parameters\":{\"storageAccountName\":{\"type\":\"String\",\"value\":\"whatifnetsdktest1\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2020-05-27T00:56:42.6876872Z\",\"duration\":\"PT43.2355869S\",\"correlationId\":\"91c7edf8-7f34-4403-ad52-ac4e2f4db693\",\"providers\":[{\"namespace\":\"Microsoft.Authorization\",\"resourceTypes\":[{\"resourceType\":\"policyDefinitions\",\"locations\":[null]},{\"resourceType\":\"policyAssignments\",\"locations\":[null]}]},{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\",\"resourceType\":\"Microsoft.Authorization/policyDefinitions\",\"resourceName\":\"policy2\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\",\"resourceType\":\"Microsoft.Authorization/policyAssignments\",\"resourceName\":\"location-lock\"}],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SDK-test/providers/Microsoft.Storage/storageAccounts/whatifnetsdktest1\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested\",\"name\":\"sub-nested\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"eastus\",\"properties\":{\"templateHash\":\"17976844800751378253\",\"parameters\":{},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-22T06:15:17.6378731Z\",\"duration\":\"PT7.6164174S\",\"correlationId\":\"b10370ab-5ec1-407f-9d4f-99f8466fc1b1\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"eastus2\"]}]}],\"dependencies\":[],\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/deploymentRg\",\"name\":\"deploymentRg\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"eastus\",\"properties\":{\"templateLink\":{\"relativePath\":\"createResourceGroup.json\",\"uri\":\"https://testquerystrsubj6nqmcvxw.blob.core.windows.net/querystrywu63iab4k53/mainTemplate\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"17331290123496842075\",\"parameters\":{\"rgName\":{\"type\":\"String\",\"value\":\"cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"eastus\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:27:28.44406Z\",\"duration\":\"PT1.5923779S\",\"correlationId\":\"b735057f-096c-4b33-ba65-75273379b313\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"resourceGroups\",\"locations\":[\"eastus\"]}]}],\"dependencies\":[],\"outputs\":{},\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q\"}]}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mainTemplate\",\"name\":\"mainTemplate\",\"type\":\"Microsoft.Resources/deployments\",\"location\":\"eastus\",\"properties\":{\"templateLink\":{\"uri\":\"https://testquerystrsubj6nqmcvxw.blob.core.windows.net/querystrywu63iab4k53/mainTemplate\",\"contentVersion\":\"1.0.0.0\"},\"templateHash\":\"7361881621490722527\",\"parameters\":{\"rgName\":{\"type\":\"String\",\"value\":\"cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q\"},\"rgLocation\":{\"type\":\"String\",\"value\":\"eastus\"},\"keyVaultName\":{\"type\":\"String\",\"value\":\"querystrKVcruojwzilo\"}},\"mode\":\"Incremental\",\"provisioningState\":\"Succeeded\",\"timestamp\":\"2021-03-18T23:28:00.3135213Z\",\"duration\":\"PT34.3905395S\",\"correlationId\":\"b735057f-096c-4b33-ba65-75273379b313\",\"providers\":[{\"namespace\":\"Microsoft.Resources\",\"resourceTypes\":[{\"resourceType\":\"deployments\",\"locations\":[\"eastus\",null]}]}],\"dependencies\":[{\"dependsOn\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/deploymentRg\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"deploymentRg\"}],\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.Resources/deployments/keyVaultAndSecret\",\"resourceType\":\"Microsoft.Resources/deployments\",\"resourceName\":\"keyVaultAndSecret\"}],\"outputs\":{},\"outputResources\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.KeyVault/vaults/querystrKVcruojwzilo\"},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_query_str_subrtockxy5c7imwqfl3vyh2sfotgnz3mrpyptiujrrhiygstxq3xt4q/providers/Microsoft.KeyVault/vaults/querystrKVcruojwzilo/secrets/mySecret\"}]}}],\"nextLink\":\"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?%24filter=provisioningState+eq+%27Succeeded%27&api-version=2020-10-01&%24skiptoken=3ZHdaoNAEIWfxb1OQBsLbe4SdrfUurPd32DuQmpBV1ZoDK4G373akpfIxWHmMAeGj3ND59Z3lb%2beuqr1unWlv6DtDR2I0kYtmy9D93n66aol8FEOaIuS6CXihD2DM2u0%2bkvItr%2ffkjSNGHkPsi5iGEkQruiBSCIMpWIELGo3wJi9MewSrvffMgGeq7jn2KRQF4Hhczxrw%2fEuBkx6UMn%2b0FgldTtIAkwtk4IV9eIDtc4yXmfzBys0eT1qY7nFNhfxV6boMbfuskbTCpHdgvT0UEz%2fNc1M%2fto0d8QHIpymXw%3d%3d\"}" + headers: + cache-control: + - no-cache + content-length: + - '439531' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 22 Mar 2021 07:11:16 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - deployment sub list + Connection: + - keep-alive + ParameterSetName: + - --filter + User-Agent: + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/?%24filter=provisioningState+eq+%27Succeeded%27&api-version=2020-10-01&%24skiptoken=3ZHdaoNAEIWfxb1OQBsLbe4SdrfUurPd32DuQmpBV1ZoDK4G373akpfIxWHmMAeGj3ND59Z3lb%2Beuqr1unWlv6DtDR2I0kYtmy9D93n66aol8FEOaIuS6CXihD2DM2u0%2BkvItr%2FfkjSNGHkPsi5iGEkQruiBSCIMpWIELGo3wJi9MewSrvffMgGeq7jn2KRQF4Hhczxrw%2FEuBkx6UMn%2B0FgldTtIAkwtk4IV9eIDtc4yXmfzBys0eT1qY7nFNhfxV6boMbfuskbTCpHdgvT0UEz%2FNc1M%2Fto0d8QHIpymXw%3D%3D + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5kcgihvkvk","name":"azure-cli-sub-level-deployment5kcgihvkvk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-26T05:47:08.5483304Z","duration":"PT20.8751211S","correlationId":"e96e739d-e413-41d6-9e38-57e9ca2471fe","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentrcim76dsac","name":"azure-cli-sub-level-deploymentrcim76dsac","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-25T05:46:04.0485697Z","duration":"PT29.543957S","correlationId":"f26ffaed-e1da-4886-a6bf-149c1be84e9e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6gjztlttbg","name":"azure-cli-sub-level-deployment6gjztlttbg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-25T04:17:59.7456262Z","duration":"PT38.1894475S","correlationId":"c7540425-4513-40e8-90aa-c0ff40401cea","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthuawccaq3c","name":"azure-cli-sub-level-deploymenthuawccaq3c","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-24T05:43:01.7191497Z","duration":"PT20.7895506S","correlationId":"16ada8af-5d0a-42e4-9e1c-66d60919abb5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment62ay4n3wbz","name":"azure-cli-sub-level-deployment62ay4n3wbz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-23T05:42:22.9105265Z","duration":"PT54.3042857S","correlationId":"753b042b-6209-45f5-a618-ae9fdb666c8c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjzuahaefai","name":"azure-cli-sub-level-deploymentjzuahaefai","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-20T05:43:32.1230508Z","duration":"PT25.5526294S","correlationId":"0a5aa6b1-085d-40f7-b810-5f6a93ef2a28","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentayikxoao3r","name":"azure-cli-sub-level-deploymentayikxoao3r","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-19T05:48:58.8243039Z","duration":"PT1M43.8727102S","correlationId":"4faa9f80-fa0e-49d3-a692-d1189ec59dd4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnifftpkns3","name":"azure-cli-sub-level-deploymentnifftpkns3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-16T05:47:07.6841584Z","duration":"PT59.759756S","correlationId":"45f28335-54d9-4fbc-80c2-86b5e0fdbed9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentcmzw3yk2nx","name":"azure-cli-sub-level-deploymentcmzw3yk2nx","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-13T05:45:44.1079022Z","duration":"PT15.9139008S","correlationId":"3525add9-45f2-405a-adb8-eb8cc4468f61","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentt4d7vvniyk","name":"azure-cli-sub-level-deploymentt4d7vvniyk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-12T11:40:34.7487082Z","duration":"PT45.2014713S","correlationId":"a6cb8271-5307-42d1-9bf9-5057f42799d0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg2dmiwnb42","name":"azure-cli-sub-level-deploymentg2dmiwnb42","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-11T05:39:08.9956472Z","duration":"PT39.2413029S","correlationId":"582eea32-24fe-45a8-887c-95dbabf4f812","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzajmsyj447","name":"azure-cli-sub-level-deploymentzajmsyj447","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-10T05:07:17.6472273Z","duration":"PT28.8144781S","correlationId":"bc42d183-b8ed-44a2-905c-bb305242ea4a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentudkx7bwyow","name":"azure-cli-sub-level-deploymentudkx7bwyow","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-09T05:36:51.7528653Z","duration":"PT19.9430593S","correlationId":"a716c579-80d0-4769-b321-59eeff9c953b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3jka5u5sqr","name":"azure-cli-sub-level-deployment3jka5u5sqr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-06T05:46:36.5415179Z","duration":"PT25.0329024S","correlationId":"639ccb7d-fb2d-4763-9b20-68626a428a4d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthywvp5uuqw","name":"azure-cli-sub-level-deploymenthywvp5uuqw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-05T05:46:11.2025114Z","duration":"PT26.6181832S","correlationId":"107c7b5e-5e41-49ca-8344-7360cd6331aa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment26mylz6y6s","name":"azure-cli-sub-level-deployment26mylz6y6s","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-04T17:39:31.6902978Z","duration":"PT23.2557684S","correlationId":"48e40afe-6d47-4294-850a-903002003d22","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttfxccigt2v","name":"azure-cli-sub-level-deploymenttfxccigt2v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-04T05:50:45.1731027Z","duration":"PT17.0471728S","correlationId":"84c8fdb1-1cb1-4ccc-9562-20b81ef9e489","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentktvjxxfbuv","name":"azure-cli-sub-level-deploymentktvjxxfbuv","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-03T05:55:05.3384389Z","duration":"PT30.3028961S","correlationId":"69ce735f-2369-46f2-bc57-68d77821b035","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentykwrbqeqwl","name":"azure-cli-sub-level-deploymentykwrbqeqwl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-10-02T17:01:39.6735559Z","duration":"PT30.5295508S","correlationId":"0345f2a0-5cd1-4324-bf6e-c13ded4b7871","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentniptbie26r","name":"azure-cli-sub-level-deploymentniptbie26r","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-28T05:55:36.539333Z","duration":"PT23.1668928S","correlationId":"562dc52a-0408-4183-b924-00dfdbb3fd80","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthdynb3uiex","name":"azure-cli-sub-level-deploymenthdynb3uiex","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-27T17:51:43.042278Z","duration":"PT28.7556714S","correlationId":"4b5f35e2-c06c-4809-8a13-130978428277","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmdijk7yp6v","name":"azure-cli-sub-level-deploymentmdijk7yp6v","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-24T18:43:18.0370313Z","duration":"PT29.2192959S","correlationId":"e5c99ef6-6476-4f4f-a286-48f7f34d80b9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdvoq3q4lvw","name":"azure-cli-sub-level-deploymentdvoq3q4lvw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-20T06:44:01.0452029Z","duration":"PT27.2414787S","correlationId":"1d9f3e40-565f-435d-8a6e-abd0be54c7a7","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentanjxlfn5p4","name":"azure-cli-sub-level-deploymentanjxlfn5p4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-19T16:59:17.1711462Z","duration":"PT26.2008481S","correlationId":"f33383c6-38e2-4966-b8bd-208cdc1713a5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentve6h6jmfi6","name":"azure-cli-sub-level-deploymentve6h6jmfi6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-17T08:50:40.3852018Z","duration":"PT21.9670884S","correlationId":"83627931-915d-4f2a-a927-2872106b9dad","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdammbysszw","name":"azure-cli-sub-level-deploymentdammbysszw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-15T00:35:16.8844541Z","duration":"PT20.6982218S","correlationId":"721ed19d-377e-406e-b46c-733543adcee0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentslyxdf47qz","name":"azure-cli-sub-level-deploymentslyxdf47qz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-13T18:03:04.220525Z","duration":"PT1M7.6821088S","correlationId":"a95b228f-baf0-4673-aef0-6422c9365ad8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnbuz3yq2jm","name":"azure-cli-sub-level-deploymentnbuz3yq2jm","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T23:00:29.3065457Z","duration":"PT1M3.8066808S","correlationId":"40ce0802-f7d5-43d4-8854-9ec7967cd55a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentulht3ehlak","name":"azure-cli-sub-level-deploymentulht3ehlak","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T17:46:17.9370329Z","duration":"PT48.0283852S","correlationId":"b2ec2607-f34e-4e38-af84-90627fe0c5e3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentq5qvxq3zcj","name":"azure-cli-sub-level-deploymentq5qvxq3zcj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T16:29:00.6263978Z","duration":"PT19.545734S","correlationId":"f1d30e60-f36c-4368-8568-aba64d2bd1d8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5cbt2viigg","name":"azure-cli-sub-level-deployment5cbt2viigg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-12T06:37:27.6734582Z","duration":"PT33.0975032S","correlationId":"05ea2abb-4e1e-47f2-8808-b9ad053da311","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentne4uh6ifn4","name":"azure-cli-sub-level-deploymentne4uh6ifn4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-11T21:00:07.3106042Z","duration":"PT18.6705891S","correlationId":"a7e65fc2-6f38-4d18-a4e7-0f628d178f3c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentgqte3k7exw","name":"azure-cli-sub-level-deploymentgqte3k7exw","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-11T17:23:34.6686838Z","duration":"PT58.1230124S","correlationId":"bf1a6530-a087-46e7-8936-46bad624f1f5","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentstagz5piun","name":"azure-cli-sub-level-deploymentstagz5piun","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-09-02T00:59:56.604189Z","duration":"PT1M5.504914S","correlationId":"0d697b80-8992-431a-8dbd-c0dae06bc5d2","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment5oxpjecwn6","name":"azure-cli-sub-level-deployment5oxpjecwn6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-31T22:13:32.9853182Z","duration":"PT24.5467354S","correlationId":"353bd5d2-8e90-4181-9047-f98e43ea5046","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentl4qnvfknz5","name":"azure-cli-sub-level-deploymentl4qnvfknz5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-30T19:16:11.8016729Z","duration":"PT1M14.6679462S","correlationId":"8a739168-470e-4bf6-9c9b-9f8353ed0c51","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2eymv7vjup","name":"azure-cli-sub-level-deployment2eymv7vjup","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-29T15:59:58.9500787Z","duration":"PT11.188959S","correlationId":"00ce51fd-b9a4-4526-966e-3e03f209ae0c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentfqtetvgh26","name":"azure-cli-sub-level-deploymentfqtetvgh26","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:31:24.3489308Z","duration":"PT40.2309974S","correlationId":"533029ab-e53a-4374-8c01-5e73c109d7c1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentsnv3dtluzt","name":"azure-cli-sub-level-deploymentsnv3dtluzt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:30:12.7177459Z","duration":"PT28.6313735S","correlationId":"27bc6a08-7028-4e73-8c0a-f15ce75bf2f3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttyma5rcvgz","name":"azure-cli-sub-level-deploymenttyma5rcvgz","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T17:05:45.5469133Z","duration":"PT21.385005S","correlationId":"876c8aad-8db4-4f4c-a209-c86ee19ca190","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentinkonralxj","name":"azure-cli-sub-level-deploymentinkonralxj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-28T10:59:25.0229848Z","duration":"PT50.4974753S","correlationId":"6f946326-8c03-4be2-924d-b8a19667e6ec","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6gohclg7ah","name":"azure-cli-sub-level-deployment6gohclg7ah","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-25T09:04:17.2852709Z","duration":"PT1M17.8760312S","correlationId":"da465434-32e3-4f1b-8ed1-f1bb66f73b63","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentel5gc2e2eo","name":"azure-cli-sub-level-deploymentel5gc2e2eo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-24T05:53:28.8987066Z","duration":"PT32.904936S","correlationId":"92fb1078-94cf-4ed6-a2f2-4384a3d84dbb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment75jyb6ym6o","name":"azure-cli-sub-level-deployment75jyb6ym6o","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-23T05:31:25.6084705Z","duration":"PT45.9031631S","correlationId":"d72f2bc9-45e6-488f-8090-59c22d6a8363","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg4yta4xvy4","name":"azure-cli-sub-level-deploymentg4yta4xvy4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-22T05:30:02.1735448Z","duration":"PT27.8843775S","correlationId":"0679ebe8-94ea-4b93-9cf7-f988a3a4a63a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment2k76m3mrzb","name":"azure-cli-sub-level-deployment2k76m3mrzb","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-21T05:30:48.0981749Z","duration":"PT45.677102S","correlationId":"c44bda5b-b222-4496-b47e-730d7b8bd732","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentmhviojkh5x","name":"azure-cli-sub-level-deploymentmhviojkh5x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-18T05:30:38.0051324Z","duration":"PT1M4.7663793S","correlationId":"d52ab204-6912-418b-a0f9-21421d8b4877","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentp4hadwi6a3","name":"azure-cli-sub-level-deploymentp4hadwi6a3","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-17T05:29:46.2280027Z","duration":"PT33.6797815S","correlationId":"fa4ba77e-1e92-4ba1-8249-fd9d658b0c29","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthvvj25ejmh","name":"azure-cli-sub-level-deploymenthvvj25ejmh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-16T05:48:55.1573042Z","duration":"PT1M2.6991764S","correlationId":"56d25dfb-7fe1-44b0-9fc8-077b7889c8d1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjatarz2adr","name":"azure-cli-sub-level-deploymentjatarz2adr","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-15T05:42:52.8520141Z","duration":"PT29.4762467S","correlationId":"df3e54ca-5ea1-435d-a7f0-0994a6cf246e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentg5gjufr66i","name":"azure-cli-sub-level-deploymentg5gjufr66i","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-14T05:32:30.3897006Z","duration":"PT45.2069532S","correlationId":"140f978c-0a55-46e8-b019-ee9674a80335","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentjumxsuyf5q","name":"azure-cli-sub-level-deploymentjumxsuyf5q","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-11T05:37:15.087196Z","duration":"PT1M1.8538336S","correlationId":"617aa6ed-22fa-49c3-bbc7-1e1617b8a110","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentu3h3xiax7l","name":"azure-cli-sub-level-deploymentu3h3xiax7l","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-10T05:35:04.690931Z","duration":"PT25.0561998S","correlationId":"82a969c3-346d-4833-bc30-fdbc463c0e59","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbwmjw6qvoc","name":"azure-cli-sub-level-deploymentbwmjw6qvoc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-09T05:34:03.6568153Z","duration":"PT1M5.5316182S","correlationId":"59ce393c-3052-4f29-95ad-eaddbece3e21","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentolwwap6fga","name":"azure-cli-sub-level-deploymentolwwap6fga","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-08T05:42:15.6686266Z","duration":"PT33.2825946S","correlationId":"bdd6376f-7929-490e-b8d4-f34b54d74b5e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentw7ah3fnec2","name":"azure-cli-sub-level-deploymentw7ah3fnec2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-07T05:31:30.0159023Z","duration":"PT1M2.7494998S","correlationId":"12dec3d9-508b-4150-8306-5456a850fafd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentoxqyjjneem","name":"azure-cli-sub-level-deploymentoxqyjjneem","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-04T05:31:10.0690507Z","duration":"PT1M9.2437555S","correlationId":"eff6c686-cdb0-44b3-8e79-c65e8c936730","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentdhn4t3i5uy","name":"azure-cli-sub-level-deploymentdhn4t3i5uy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-03T05:28:50.0530589Z","duration":"PT31.524414S","correlationId":"2ad63e6e-3520-484d-8cc7-7d6203855608","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentbftcv3gww6","name":"azure-cli-sub-level-deploymentbftcv3gww6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-02T05:30:54.9950375Z","duration":"PT42.3959185S","correlationId":"d54b5fbd-5bb5-48c5-9888-1dd10d6c7ecc","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentnzssl7zm2g","name":"azure-cli-sub-level-deploymentnzssl7zm2g","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-08-01T05:29:52.2022237Z","duration":"PT24.5084466S","correlationId":"2367cd94-4fb0-4512-9f5e-274f075eb2f4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment6bv4gq3idl","name":"azure-cli-sub-level-deployment6bv4gq3idl","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-31T05:29:01.9544697Z","duration":"PT45.0977807S","correlationId":"b47dab72-3202-4ead-8d2a-c2d6e0da59ff","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment3urgay3p5x","name":"azure-cli-sub-level-deployment3urgay3p5x","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-28T05:28:23.6476396Z","duration":"PT22.989586S","correlationId":"94260bef-b544-44e3-9c58-ebddef3c47e1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenti2n76kvueh","name":"azure-cli-sub-level-deploymenti2n76kvueh","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-27T05:35:04.5149848Z","duration":"PT1M16.0226307S","correlationId":"e8cb0cad-40d1-4003-88e6-1a1fa1ddd397","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentaivl64itv2","name":"azure-cli-sub-level-deploymentaivl64itv2","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-26T05:29:42.5106894Z","duration":"PT28.7600019S","correlationId":"7e0ccf1d-bdd4-42f6-aadf-9644a89b173b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenthn4meopu7h","name":"azure-cli-sub-level-deploymenthn4meopu7h","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-25T05:30:45.753227Z","duration":"PT1M25.2458601S","correlationId":"e430576f-35fb-472a-8e88-180038fdc4d9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymenttajmgrwm3p","name":"azure-cli-sub-level-deploymenttajmgrwm3p","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-21T05:28:02.4692931Z","duration":"PT27.6594309S","correlationId":"c2bbcadb-a9e9-440d-a8c1-8db17357ff3f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentv7bwtt3sv7","name":"azure-cli-sub-level-deploymentv7bwtt3sv7","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-20T05:30:24.9709223Z","duration":"PT48.9916151S","correlationId":"471980a5-8cd9-45dd-8526-a7b05340da44","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment54u3fh46ga","name":"azure-cli-sub-level-deployment54u3fh46ga","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-19T05:31:36.8736378Z","duration":"PT25.3386883S","correlationId":"eaf4a21a-cbf7-4284-8c11-44f43deacb87","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentfw3xpmkbon","name":"azure-cli-sub-level-deploymentfw3xpmkbon","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-18T05:31:59.6058664Z","duration":"PT50.5293477S","correlationId":"fffa74c1-1470-4b54-b790-ac98a14327f8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentlbseongfks","name":"azure-cli-sub-level-deploymentlbseongfks","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-14T05:33:30.3114057Z","duration":"PT59.6055928S","correlationId":"f989bbb0-bb95-47bc-a958-4b086d4cc39a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentwabth2otbt","name":"azure-cli-sub-level-deploymentwabth2otbt","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-13T05:29:40.6260739Z","duration":"PT23.7018578S","correlationId":"6fef308f-bce9-4bf4-ac90-ae2d4ecf951c","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentzyibfmrhnp","name":"azure-cli-sub-level-deploymentzyibfmrhnp","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-12T05:33:20.9260959Z","duration":"PT23.1708871S","correlationId":"1c75fc07-eef7-42a2-be46-d17a163ec3a4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentknecij3xkd","name":"azure-cli-sub-level-deploymentknecij3xkd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-11T22:16:15.3988206Z","duration":"PT58.284311S","correlationId":"d034699f-d0c3-4920-af6b-84e9be589b54","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentont4aqetrq","name":"azure-cli-sub-level-deploymentont4aqetrq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-05T05:27:37.4383606Z","duration":"PT32.9974056S","correlationId":"010520d3-f72b-4144-b910-fee98232a59f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deployment74a5igmnfo","name":"azure-cli-sub-level-deployment74a5igmnfo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-07-04T05:28:55.7835006Z","duration":"PT1M3.531037S","correlationId":"9863bd00-1af5-4f9b-81a7-a1ae0997399a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-sub-level-deploymentna76jlj3rk","name":"azure-cli-sub-level-deploymentna76jlj3rk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"7040894817952224509","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1809"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2018-06-30T05:26:51.1261386Z","duration":"PT25.5466451S","correlationId":"6b420a6e-9f82-45bb-91e9-9c77a09e4cdb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1809"}]}}]}' headers: cache-control: - no-cache content-length: - - '2547' + - '139320' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:27 GMT + - Mon, 22 Mar 2021 07:11:18 GMT expires: - '-1' pragma: @@ -651,15 +1186,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:59.4976816Z","duration":"PT36.6105837S","correlationId":"51cabcaf-b850-45c0-b77e-d283a77a79ca","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001","name":"azure-cli-subscription_level_deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:52.8052403Z","duration":"PT55.3681441S","correlationId":"d91f86d3-d883-4e53-aea4-c75d9ea0f687","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' headers: cache-control: - no-cache @@ -668,7 +1203,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:28 GMT + - Mon, 22 Mar 2021 07:11:20 GMT expires: - '-1' pragma: @@ -698,8 +1233,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -717,7 +1252,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:28 GMT + - Mon, 22 Mar 2021 07:11:21 GMT expires: - '-1' pragma: @@ -749,24 +1284,24 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operations?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/F26EA6458D29C375","operationId":"F26EA6458D29C375","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:32.3633559Z","duration":"PT7.0300225S","trackingId":"f6aaf069-ebda-49b8-988b-f49957a090da","serviceRequestId":"westus:27a5dc7f-0289-438f-b118-ab5cddbbd1b0","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/3BEE6263B94FD55E","operationId":"3BEE6263B94FD55E","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:32.1769686Z","duration":"PT6.8436352S","trackingId":"b256420b-7f70-4ee0-9302-6f4ff3c04fbb","serviceRequestId":"westus:0ecdcb25-9d2b-49f1-86ce-5b718dbd9b89","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/B23E7AC4BA229AF6","operationId":"B23E7AC4BA229AF6","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:58.2345062Z","duration":"PT32.9011728S","trackingId":"3ddadf5e-9ca4-439f-9cdc-69103ca0ebcd","serviceRequestId":"0440b8a5-78bf-48ef-83d6-de09ad3757fa","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/80037C57C08EC06E","operationId":"80037C57C08EC06E","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:27.0506408Z","duration":"PT1.7173074S","trackingId":"fc361ab5-0a26-4786-85db-720e89d47060","serviceRequestId":"a97a6af8-79be-401c-b27e-3aa9dac7f358","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/08585933750225905263","operationId":"08585933750225905263","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2020-12-17T19:04:59.2700964Z","duration":"PT0.5999798S","trackingId":"a293bb3f-2ee0-4016-8574-e7101150d21d","statusCode":"OK"}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/0CCC0FCC7A260D94","operationId":"0CCC0FCC7A260D94","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:12.5451677Z","duration":"PT10.7054474S","trackingId":"eb65b242-4500-45ef-a043-6dd1f73d5f68","serviceRequestId":"westus:853f21c6-bb10-41b0-bbad-dbfd089e7848","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/BB0CC53EFF348AD5","operationId":"BB0CC53EFF348AD5","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:50.8286538Z","duration":"PT48.9889335S","trackingId":"243f4f3e-06c1-4642-95a3-b2623e7d32b4","serviceRequestId":"74203e36-c9fa-4741-af32-2f29e03c4f93","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/047BF7D373F16CED","operationId":"047BF7D373F16CED","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:07.126154Z","duration":"PT5.2864337S","trackingId":"bba70aeb-b4c1-49e5-b7d1-db21920e0a86","serviceRequestId":"8ae9e531-9b4e-441c-9a2c-aab0af07089e","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/D53862B573E9142D","operationId":"D53862B573E9142D","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:06.869492Z","duration":"PT5.0297717S","trackingId":"153c4998-3719-4a02-8df6-c2f2c986ff14","serviceRequestId":"westus:b225951d-866c-48b2-a4c9-b41b4a2c2eb6","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000001/operations/08585852098880405369","operationId":"08585852098880405369","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-03-22T07:10:52.6020542Z","duration":"PT0.5535086S","trackingId":"ddb06d38-bbca-4265-ad78-d27f5d6b4ec4","statusCode":"OK"}}]}' headers: cache-control: - no-cache content-length: - - '3477' + - '3476' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:29 GMT + - Mon, 22 Mar 2021 07:11:23 GMT expires: - '-1' pragma: @@ -832,15 +1367,15 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T19:05:30.5976728Z","duration":"PT0S","correlationId":"72b34cf8-b15e-47b8-a03f-37b2f284633a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T07:11:24.2454526Z","duration":"PT0S","correlationId":"d40ab1a6-527d-4b9b-8fad-5fbcad5d4316","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000003"}]}}' headers: cache-control: - no-cache @@ -849,7 +1384,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:30 GMT + - Mon, 22 Mar 2021 07:11:25 GMT expires: - '-1' pragma: @@ -919,18 +1454,18 @@ interactions: ParameterSetName: - -n --location --template-file --parameters --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-17T19:05:32.2187789Z","duration":"PT0.9831282S","correlationId":"3ac162cb-254d-41e7-aade-a4cf58799db4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T07:11:30.4173536Z","duration":"PT4.5160394S","correlationId":"0151330d-3210-435c-b185-3c62a868f1f3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002/operationStatuses/08585933749542419713?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002/operationStatuses/08585852097995763243?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -938,7 +1473,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:31 GMT + - Mon, 22 Mar 2021 07:11:31 GMT expires: - '-1' pragma: @@ -948,7 +1483,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1197' status: code: 201 message: Created @@ -968,8 +1503,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -981,7 +1516,7 @@ interactions: cache-control: - no-cache date: - - Thu, 17 Dec 2020 19:05:33 GMT + - Mon, 22 Mar 2021 07:11:33 GMT expires: - '-1' pragma: @@ -991,10 +1526,55 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' status: code: 204 message: No Content +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - deployment sub wait + Connection: + - keep-alive + ParameterSetName: + - -n --custom + User-Agent: + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T07:11:32.3480796Z","duration":"PT6.4467654S","correlationId":"0151330d-3210-435c-b185-3c62a868f1f3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + headers: + cache-control: + - no-cache + content-length: + - '1970' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 22 Mar 2021 07:11:34 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK - request: body: null headers: @@ -1009,15 +1589,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-17T19:05:33.8170172Z","duration":"PT2.5813665S","correlationId":"3ac162cb-254d-41e7-aade-a4cf58799db4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000002","name":"azure-cli-subscription_level_deployment000002","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"13231341667663423384","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000003"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T07:11:32.3480796Z","duration":"PT6.4467654S","correlationId":"0151330d-3210-435c-b185-3c62a868f1f3","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: cache-control: - no-cache @@ -1026,7 +1606,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:33 GMT + - Mon, 22 Mar 2021 07:11:34 GMT expires: - '-1' pragma: @@ -1056,15 +1636,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock?api-version=2019-09-01 response: body: - string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:04:32.3192115Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","type":"Microsoft.Authorization/policyAssignments","name":"location-lock"}' + string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:10:10.2970717Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","type":"Microsoft.Authorization/policyAssignments","name":"location-lock"}' headers: cache-control: - no-cache @@ -1073,7 +1653,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:34 GMT + - Mon, 22 Mar 2021 07:11:35 GMT expires: - '-1' pragma: @@ -1087,7 +1667,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-deletes: - - '14999' + - '14998' status: code: 200 message: OK @@ -1107,15 +1687,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2?api-version=2019-09-01 response: body: - string: '{"properties":{"policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","createdOn":"2020-12-17T19:04:31.9692062Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"}' + string: '{"properties":{"policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"9ac534f1-d577-4034-a32d-48de400dacbf","createdOn":"2021-03-22T07:10:05.3531871Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"}' headers: cache-control: - no-cache @@ -1124,7 +1704,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 19:05:35 GMT + - Mon, 22 Mar 2021 07:11:36 GMT expires: - '-1' pragma: @@ -1158,8 +1738,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -1173,7 +1753,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:05:37 GMT + - Mon, 22 Mar 2021 07:11:40 GMT expires: - '-1' location: @@ -1185,7 +1765,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-deletes: - - '14999' + - '14998' status: code: 202 message: Accepted @@ -1203,8 +1783,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1216,7 +1796,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:05:52 GMT + - Mon, 22 Mar 2021 07:11:57 GMT expires: - '-1' location: @@ -1244,8 +1824,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1257,7 +1837,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:06:07 GMT + - Mon, 22 Mar 2021 07:12:12 GMT expires: - '-1' location: @@ -1285,8 +1865,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1298,7 +1878,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:06:23 GMT + - Mon, 22 Mar 2021 07:12:27 GMT expires: - '-1' location: @@ -1326,8 +1906,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1339,7 +1919,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:06:38 GMT + - Mon, 22 Mar 2021 07:12:43 GMT expires: - '-1' location: @@ -1367,8 +1947,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1380,7 +1960,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:06:53 GMT + - Mon, 22 Mar 2021 07:12:58 GMT expires: - '-1' location: @@ -1408,8 +1988,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGU1VCU0NSSVBUSU9OOjVGTEVWRUw6NUZERVBMT1lNRU5ULVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2020-10-01 response: @@ -1421,7 +2001,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 19:07:08 GMT + - Mon, 22 Mar 2021 07:13:14 GMT expires: - '-1' pragma: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment_ts.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment_ts.yaml index e0d400097bb..eb5cb99b630 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment_ts.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_subscription_level_deployment_ts.yaml @@ -13,8 +13,8 @@ interactions: ParameterSetName: - -g -n -v -l -f User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:31 GMT + - Mon, 22 Mar 2021 06:54:05 GMT expires: - '-1' pragma: @@ -60,8 +60,8 @@ interactions: ParameterSetName: - -g -n -v -l -f User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -79,7 +79,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:31 GMT + - Mon, 22 Mar 2021 06:54:05 GMT expires: - '-1' pragma: @@ -111,8 +111,8 @@ interactions: ParameterSetName: - -g -n -v -l -f User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -120,10 +120,10 @@ interactions: response: body: string: "{\r\n \"location\": \"eastus\",\r\n \"tags\": {},\r\n \"systemData\": - {\r\n \"createdBy\": \"daetienn@microsoft.com\",\r\n \"createdByType\": - \"User\",\r\n \"createdAt\": \"2020-12-17T22:38:33.909719Z\",\r\n \"lastModifiedBy\": - \"daetienn@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": - \"2020-12-17T22:38:33.909719Z\"\r\n },\r\n \"properties\": {},\r\n \"id\": + {\r\n \"createdBy\": \"zhoxing@microsoft.com\",\r\n \"createdByType\": + \"User\",\r\n \"createdAt\": \"2021-03-22T06:54:12.7543489Z\",\r\n \"lastModifiedBy\": + \"zhoxing@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": + \"2021-03-22T06:54:12.7543489Z\"\r\n },\r\n \"properties\": {},\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002\",\r\n \ \"type\": \"Microsoft.Resources/templateSpecs\",\r\n \"name\": \"cli-test-sub-lvl-ts-deploy000002\"\r\n}" headers: @@ -134,7 +134,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:33 GMT + - Mon, 22 Mar 2021 06:54:15 GMT expires: - '-1' pragma: @@ -188,8 +188,8 @@ interactions: ParameterSetName: - -g -n -v -l -f User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -197,10 +197,10 @@ interactions: response: body: string: "{\r\n \"location\": \"eastus\",\r\n \"tags\": {},\r\n \"systemData\": - {\r\n \"createdBy\": \"daetienn@microsoft.com\",\r\n \"createdByType\": - \"User\",\r\n \"createdAt\": \"2020-12-17T22:38:34.884997Z\",\r\n \"lastModifiedBy\": - \"daetienn@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": - \"2020-12-17T22:38:34.884997Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": + {\r\n \"createdBy\": \"zhoxing@microsoft.com\",\r\n \"createdByType\": + \"User\",\r\n \"createdAt\": \"2021-03-22T06:54:18.0943468Z\",\r\n \"lastModifiedBy\": + \"zhoxing@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": + \"2021-03-22T06:54:18.0943468Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": [],\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"armbuilddemo1801\"\r\n @@ -247,7 +247,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:34 GMT + - Mon, 22 Mar 2021 06:54:19 GMT expires: - '-1' pragma: @@ -277,8 +277,8 @@ interactions: ParameterSetName: - --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -300,23 +300,26 @@ interactions: East","UK South","UK West","Korea Central","Korea South","France Central","South Africa North","UAE North","Australia Central","Switzerland North","Germany West Central","Norway East","East US 2 EUAP","Central US EUAP"],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsTags, - SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, + SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, SupportsLocation"},{"resourceType":"deploymentScripts/logs","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East Asia","Southeast Asia","Australia East","Australia Central","Australia Central 2","Australia Southeast","Brazil South","Canada Central","Canada East","Switzerland North","Germany West Central","East US 2","East US","Central US","North Central @@ -337,11 +340,11 @@ interactions: cache-control: - no-cache content-length: - - '16332' + - '16600' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:35 GMT + - Mon, 22 Mar 2021 06:54:20 GMT expires: - '-1' pragma: @@ -369,8 +372,8 @@ interactions: ParameterSetName: - --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -378,10 +381,10 @@ interactions: response: body: string: "{\r\n \"location\": \"eastus\",\r\n \"tags\": {},\r\n \"systemData\": - {\r\n \"createdBy\": \"daetienn@microsoft.com\",\r\n \"createdByType\": - \"User\",\r\n \"createdAt\": \"2020-12-17T22:38:34.884997Z\",\r\n \"lastModifiedBy\": - \"daetienn@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": - \"2020-12-17T22:38:34.884997Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": + {\r\n \"createdBy\": \"zhoxing@microsoft.com\",\r\n \"createdByType\": + \"User\",\r\n \"createdAt\": \"2021-03-22T06:54:18.0943468Z\",\r\n \"lastModifiedBy\": + \"zhoxing@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": + \"2021-03-22T06:54:18.0943468Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": [],\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"armbuilddemo1801\"\r\n @@ -428,7 +431,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:35 GMT + - Mon, 22 Mar 2021 06:54:21 GMT expires: - '-1' pragma: @@ -484,11 +487,11 @@ interactions: content-type: - text/plain; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:36 GMT + - Mon, 22 Mar 2021 06:54:22 GMT etag: - '"2cc7b94cb1a1129b25fb74b5079c39ebea46f9ed18b7ed5ab643967ad43be835"' expires: - - Thu, 17 Dec 2020 22:43:36 GMT + - Mon, 22 Mar 2021 06:59:22 GMT source-age: - '0' strict-transport-security: @@ -496,23 +499,23 @@ interactions: vary: - Authorization,Accept-Encoding via: - - 1.1 varnish (Varnish/6.0), 1.1 varnish + - 1.1 varnish x-cache: - - MISS, MISS + - MISS x-cache-hits: - - 0, 0 + - '0' x-content-type-options: - nosniff x-fastly-request-id: - - 93ea51f300801bcdc2d4670172888dfa9781c09f + - f594fd7152ede68958c0b74d9e57b49867523e54 x-frame-options: - deny x-github-request-id: - - D3D4:209B:F8AD4:120888:5FDBDDEC + - 7B86:7068:C4B65:13C49B:60583F1E x-served-by: - - cache-mia11360-MIA + - cache-sin18022-SIN x-timer: - - S1608244717.680029,VS0,VE142 + - S1616396062.319651,VS0,VE305 x-xss-protection: - 1; mode=block status: @@ -538,15 +541,15 @@ interactions: ParameterSetName: - --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/1","name":"1","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T22:38:37.9309328Z","duration":"PT0S","correlationId":"63a6eb1d-e43d-4cb0-bac0-b62be7a55e99","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/1","name":"1","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:54:24.8900996Z","duration":"PT0S","correlationId":"8934670e-859f-40b6-8fcc-4668b5426f25","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache @@ -555,7 +558,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:37 GMT + - Mon, 22 Mar 2021 06:54:25 GMT expires: - '-1' pragma: @@ -587,8 +590,8 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -610,23 +613,26 @@ interactions: East","UK South","UK West","Korea Central","Korea South","France Central","South Africa North","UAE North","Australia Central","Switzerland North","Germany West Central","Norway East","East US 2 EUAP","Central US EUAP"],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsTags, - SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, + SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, SupportsLocation"},{"resourceType":"deploymentScripts/logs","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East Asia","Southeast Asia","Australia East","Australia Central","Australia Central 2","Australia Southeast","Brazil South","Canada Central","Canada East","Switzerland North","Germany West Central","East US 2","East US","Central US","North Central @@ -647,11 +653,11 @@ interactions: cache-control: - no-cache content-length: - - '16332' + - '16600' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:38 GMT + - Mon, 22 Mar 2021 06:54:26 GMT expires: - '-1' pragma: @@ -679,8 +685,8 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -688,10 +694,10 @@ interactions: response: body: string: "{\r\n \"location\": \"eastus\",\r\n \"tags\": {},\r\n \"systemData\": - {\r\n \"createdBy\": \"daetienn@microsoft.com\",\r\n \"createdByType\": - \"User\",\r\n \"createdAt\": \"2020-12-17T22:38:34.884997Z\",\r\n \"lastModifiedBy\": - \"daetienn@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": - \"2020-12-17T22:38:34.884997Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": + {\r\n \"createdBy\": \"zhoxing@microsoft.com\",\r\n \"createdByType\": + \"User\",\r\n \"createdAt\": \"2021-03-22T06:54:18.0943468Z\",\r\n \"lastModifiedBy\": + \"zhoxing@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": + \"2021-03-22T06:54:18.0943468Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": [],\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"armbuilddemo1801\"\r\n @@ -738,7 +744,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:38 GMT + - Mon, 22 Mar 2021 06:54:27 GMT expires: - '-1' pragma: @@ -776,15 +782,15 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T22:38:40.4132799Z","duration":"PT0S","correlationId":"b99ca82f-8934-493a-9fd4-a05a0a8d88b6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:54:27.9748598Z","duration":"PT0S","correlationId":"b769e8d2-40ff-4455-b618-0b284f23d55a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache @@ -793,7 +799,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:40 GMT + - Mon, 22 Mar 2021 06:54:28 GMT expires: - '-1' pragma: @@ -831,26 +837,26 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-17T22:38:42.426562Z","duration":"PT1.2436822S","correlationId":"56f086f9-bb48-44e2-842e-27e98d14f283","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:54:32.3822449Z","duration":"PT3.1864438S","correlationId":"4d3e2302-a40f-4eff-87b0-b95f40f8d40e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operationStatuses/08585933621642947441?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operationStatuses/08585852108162818233?api-version=2020-10-01 cache-control: - no-cache content-length: - - '2280' + - '2281' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:38:41 GMT + - Mon, 22 Mar 2021 06:54:33 GMT expires: - '-1' pragma: @@ -878,10 +884,10 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585933621642947441?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852108162818233?api-version=2020-10-01 response: body: string: '{"status":"Running"}' @@ -893,7 +899,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:12 GMT + - Mon, 22 Mar 2021 06:55:03 GMT expires: - '-1' pragma: @@ -921,10 +927,10 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585933621642947441?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852108162818233?api-version=2020-10-01 response: body: string: '{"status":"Succeeded"}' @@ -936,7 +942,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:43 GMT + - Mon, 22 Mar 2021 06:55:34 GMT expires: - '-1' pragma: @@ -964,22 +970,22 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T22:39:23.1915849Z","duration":"PT42.0087051S","correlationId":"56f086f9-bb48-44e2-842e-27e98d14f283","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:14.9180781Z","duration":"PT45.722277S","correlationId":"4d3e2302-a40f-4eff-87b0-b95f40f8d40e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache content-length: - - '2846' + - '2845' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:43 GMT + - Mon, 22 Mar 2021 06:55:34 GMT expires: - '-1' pragma: @@ -1007,24 +1013,24 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T22:39:23.1915849Z","duration":"PT42.0087051S","correlationId":"56f086f9-bb48-44e2-842e-27e98d14f283","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003","name":"azure-cli-subscription_level_deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo000005"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:14.9180781Z","duration":"PT45.722277S","correlationId":"4d3e2302-a40f-4eff-87b0-b95f40f8d40e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"outputResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo000005"}]}}' headers: cache-control: - no-cache content-length: - - '2846' + - '2845' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:44 GMT + - Mon, 22 Mar 2021 06:55:35 GMT expires: - '-1' pragma: @@ -1054,8 +1060,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1073,7 +1079,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:44 GMT + - Mon, 22 Mar 2021 06:55:36 GMT expires: - '-1' pragma: @@ -1105,24 +1111,24 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/operations?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/5207C2DF38DCA0E9","operationId":"5207C2DF38DCA0E9","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T22:39:22.9745961Z","duration":"PT39.6234366S","trackingId":"ec295560-c848-4fee-8695-c99e77afa05b","serviceRequestId":"43c697f0-9fe2-4920-bb3b-c12a51973cf7","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/B6547F77E2620055","operationId":"B6547F77E2620055","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T22:38:44.6977939Z","duration":"PT1.3466344S","trackingId":"a9541025-d1d2-4915-ba0b-9beafd0e25a5","serviceRequestId":"34b24c90-7066-42f7-8be5-89f8d69d29e7","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/6D66AAF21EC6EC5F","operationId":"6D66AAF21EC6EC5F","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T22:38:44.1240775Z","duration":"PT0.772918S","trackingId":"fe34e4f6-874c-4e9e-bcd6-22b7cc0703fc","serviceRequestId":"westus:f06dca68-a3dd-4637-9d38-8ba56b0946d2","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/7F8EBFE3392EFA31","operationId":"7F8EBFE3392EFA31","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-17T22:38:43.8409896Z","duration":"PT0.4898301S","trackingId":"b664b38a-eec7-4f09-a419-0af069462967","serviceRequestId":"westus:2bf4cb28-f35e-4b53-9b41-0f6b5e854ec0","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/08585933621642947441","operationId":"08585933621642947441","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2020-12-17T22:39:23.1655608Z","duration":"PT0.1452985S","trackingId":"671343be-4b70-44ff-9a31-542555eefbda","statusCode":"OK"}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/BB0CC53EFF348AD5","operationId":"BB0CC53EFF348AD5","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:14.7665828Z","duration":"PT41.4134781S","trackingId":"9e594fed-87f8-4db2-92c8-a07ecd0e9abd","serviceRequestId":"a564e64e-5720-4dd4-a18a-042dcf094be8","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/047BF7D373F16CED","operationId":"047BF7D373F16CED","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:54:38.5727125Z","duration":"PT5.2196078S","trackingId":"0ae6dabb-6950-47cb-95da-286d92c44c0e","serviceRequestId":"6f04916b-032c-4dca-9c2a-b3e4266db789","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/0CCC0FCC7A260D94","operationId":"0CCC0FCC7A260D94","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:54:34.1519875Z","duration":"PT0.7988828S","trackingId":"48e1e0c4-545b-4070-af31-29806c3aec86","serviceRequestId":"westus:3a2df59a-3d7a-43cc-bd70-7169fbde5400","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/D53862B573E9142D","operationId":"D53862B573E9142D","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:54:33.9373847Z","duration":"PT0.58428S","trackingId":"996512e9-0d89-47f8-9ea1-7ed61b91ec62","serviceRequestId":"westus:64230226-bcb6-4aba-b88f-a10101098adf","statusCode":"Created","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000003/operations/08585852108162818233","operationId":"08585852108162818233","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:14.8973316Z","duration":"PT0.06959S","trackingId":"7318a4da-94f9-4b76-a7af-0eb1702f071d","statusCode":"OK"}}]}' headers: cache-control: - no-cache content-length: - - '3476' + - '3473' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:46 GMT + - Mon, 22 Mar 2021 06:55:37 GMT expires: - '-1' pragma: @@ -1150,8 +1156,8 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -1173,23 +1179,26 @@ interactions: East","UK South","UK West","Korea Central","Korea South","France Central","South Africa North","UAE North","Australia Central","Switzerland North","Germany West Central","Norway East","East US 2 EUAP","Central US EUAP"],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsTags, - SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, + SupportsLocation"},{"resourceType":"subscriptions/resourcegroups/resources","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/locations","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2016-06-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagnames","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"subscriptions/tagNames/tagValues","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-08-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"deployments/operations","locations":[],"apiVersions":["2021-01-01","2020-10-01","2020-06-01","2019-09-01","2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"None"},{"resourceType":"links","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2016-06-01"},{"profileVersion":"2019-03-01-hybrid","apiVersion":"2018-05-01"}],"capabilities":"SupportsExtension"},{"resourceType":"operations","locations":[],"apiVersions":["2015-01-01"],"apiProfiles":[{"profileVersion":"2018-06-01-profile","apiVersion":"2015-01-01"}],"capabilities":"None"},{"resourceType":"bulkDelete","locations":[],"apiVersions":["2019-05-01","2019-04-01","2019-03-01","2018-11-01","2018-09-01","2018-08-01","2018-07-01","2018-05-01","2018-02-01","2018-01-01","2017-08-01","2017-06-01","2017-05-10","2017-05-01","2017-03-01","2016-09-01","2016-07-01","2016-06-01","2016-02-01","2015-11-01","2015-01-01","2014-04-01-preview"],"capabilities":"None"},{"resourceType":"deploymentScripts","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"SupportsTags, SupportsLocation"},{"resourceType":"deploymentScripts/logs","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East - Asia","Southeast Asia","Australia East","Brazil South","Canada Central","East - US 2","East US","Central US","North Central US","UK South","Central India","South - India","Japan East","Korea Central","North Europe","West Central US","West - Europe","West US 2","West US","South Central US","Canada East","Central US - EUAP","East US 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"locations/deploymentScriptOperationResults","locations":["East + Asia","Southeast Asia","Australia East","Brazil South","Canada Central","Switzerland + North","Germany West Central","East US 2","East US","Central US","North Central + US","France Central","UK South","Central India","South India","Japan East","Korea + Central","North Europe","UAE North","West Central US","West Europe","West + US 2","West US","South Central US","Canada East","Central US EUAP","East US + 2 EUAP"],"apiVersions":["2020-10-01","2019-10-01-preview"],"capabilities":"None"},{"resourceType":"templateSpecs","locations":["East Asia","Southeast Asia","Australia East","Australia Central","Australia Central 2","Australia Southeast","Brazil South","Canada Central","Canada East","Switzerland North","Germany West Central","East US 2","East US","Central US","North Central @@ -1210,11 +1219,11 @@ interactions: cache-control: - no-cache content-length: - - '16332' + - '16600' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:46 GMT + - Mon, 22 Mar 2021 06:55:39 GMT expires: - '-1' pragma: @@ -1242,8 +1251,8 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -1251,10 +1260,10 @@ interactions: response: body: string: "{\r\n \"location\": \"eastus\",\r\n \"tags\": {},\r\n \"systemData\": - {\r\n \"createdBy\": \"daetienn@microsoft.com\",\r\n \"createdByType\": - \"User\",\r\n \"createdAt\": \"2020-12-17T22:38:34.884997Z\",\r\n \"lastModifiedBy\": - \"daetienn@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": - \"2020-12-17T22:38:34.884997Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": + {\r\n \"createdBy\": \"zhoxing@microsoft.com\",\r\n \"createdByType\": + \"User\",\r\n \"createdAt\": \"2021-03-22T06:54:18.0943468Z\",\r\n \"lastModifiedBy\": + \"zhoxing@microsoft.com\",\r\n \"lastModifiedByType\": \"User\",\r\n \"lastModifiedAt\": + \"2021-03-22T06:54:18.0943468Z\"\r\n },\r\n \"properties\": {\r\n \"artifacts\": [],\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"armbuilddemo1801\"\r\n @@ -1301,7 +1310,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:46 GMT + - Mon, 22 Mar 2021 06:55:40 GMT expires: - '-1' pragma: @@ -1339,15 +1348,15 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-17T22:39:48.4093233Z","duration":"PT0S","correlationId":"1a2db1f1-4c79-4fff-b811-e5e423bc1698","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1801"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:55:42.1127998Z","duration":"PT0S","correlationId":"9dc43b7e-86e8-4c1c-a99c-c5bcc23f2ba9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}],"validatedResources":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Storage/storageAccounts/armbuilddemo1801"}]}}' headers: cache-control: - no-cache @@ -1356,7 +1365,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:48 GMT + - Mon, 22 Mar 2021 06:55:42 GMT expires: - '-1' pragma: @@ -1370,7 +1379,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1196' status: code: 200 message: OK @@ -1394,18 +1403,18 @@ interactions: ParameterSetName: - -n --location --template-spec --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-17T22:39:50.2580126Z","duration":"PT1.1241326S","correlationId":"a074948c-517e-431b-b4e0-2c3745a42b18","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:55:46.5697805Z","duration":"PT3.2468087S","correlationId":"ed414cd9-f4a2-4da3-8b21-05705633ff93","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004/operationStatuses/08585933620963437385?api-version=2020-10-01 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004/operationStatuses/08585852107421546670?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -1413,7 +1422,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:49 GMT + - Mon, 22 Mar 2021 06:55:46 GMT expires: - '-1' pragma: @@ -1423,7 +1432,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' status: code: 201 message: Created @@ -1443,8 +1452,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1456,7 +1465,7 @@ interactions: cache-control: - no-cache date: - - Thu, 17 Dec 2020 22:39:51 GMT + - Mon, 22 Mar 2021 06:55:49 GMT expires: - '-1' pragma: @@ -1484,24 +1493,24 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-17T22:39:51.1477898Z","duration":"PT2.0139098S","correlationId":"a074948c-517e-431b-b4e0-2c3745a42b18","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/azure-cli-subscription_level_deployment000004","name":"azure-cli-subscription_level_deployment000004","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateLink":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_template_specs_tenant_deploy000001/providers/Microsoft.Resources/templateSpecs/cli-test-sub-lvl-ts-deploy000002/versions/1.0","contentVersion":"1.0.0.0"},"templateHash":"1013067532690748919","parameters":{"storageAccountName":{"type":"String","value":"armbuilddemo1801"},"nestedRGName":{"type":"String","value":"cli_test_subscription_level_deployment"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T06:55:48.305491Z","duration":"PT4.9825192S","correlationId":"ed414cd9-f4a2-4da3-8b21-05705633ff93","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"policyDefinitions","locations":[null]},{"resourceType":"policyAssignments","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"resourceGroups","locations":["westus"]},{"resourceType":"deployments","locations":[null]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","resourceType":"Microsoft.Authorization/policyDefinitions","resourceName":"policy2"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/location-lock","resourceType":"Microsoft.Authorization/policyAssignments","resourceName":"location-lock"},{"dependsOn":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment","resourceType":"Microsoft.Resources/resourceGroups","resourceName":"cli_test_subscription_level_deployment"}],"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_subscription_level_deployment/providers/Microsoft.Resources/deployments/rg-nested6","resourceType":"Microsoft.Resources/deployments","resourceName":"rg-nested6"}]}}' headers: cache-control: - no-cache content-length: - - '2277' + - '2276' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Dec 2020 22:39:51 GMT + - Mon, 22 Mar 2021 06:55:50 GMT expires: - '-1' pragma: @@ -1531,8 +1540,8 @@ interactions: ParameterSetName: - --template-spec --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -1546,7 +1555,7 @@ interactions: content-length: - '0' date: - - Thu, 17 Dec 2020 22:39:53 GMT + - Mon, 22 Mar 2021 06:55:56 GMT expires: - '-1' pragma: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_deployment.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_deployment.yaml index fb58127fd0c..de928eb4027 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_deployment.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_deployment.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:17:53 GMT + - Mon, 22 Mar 2021 06:13:28 GMT expires: - '-1' pragma: @@ -64,8 +64,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:03 GMT + - Mon, 22 Mar 2021 06:13:38 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:04 GMT + - Mon, 22 Mar 2021 06:13:41 GMT expires: - '-1' location: @@ -141,11 +141,11 @@ interactions: pragma: - no-cache request-id: - - bd79e6b9-8d3b-448e-83c9-3dfd1ae998bb + - 3a908948-3b94-4b09-8aad-443df36ab94b strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: @@ -167,8 +167,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:15 GMT + - Mon, 22 Mar 2021 06:13:51 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 5d138f4f-df64-4ac9-ac58-cfba5a85e27e + - ad66f20e-e97c-4969-9c91-f490bf368856 strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:25 GMT + - Mon, 22 Mar 2021 06:14:02 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - 7470fada-8018-4197-b885-dcc95bfd7cfd + - 06d28d43-1bb3-490e-bdac-b5374ef247cb strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,29 +261,28 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management-group000002","status":"Succeeded","properties":{"tenantId":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"azure-cli-management-group000002","details":{"version":1,"updatedTime":"2020-12-16T22:18:12.3600316Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","parent":{"id":"/providers/Microsoft.Management/managementGroups/01a4073e-87c8-47cd-aafc-1439b4b5ea2c","name":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"Tenant - Root Group"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"azure-cli-management-group000002","details":{"version":1,"updatedTime":"2021-03-22T06:13:49.7115603Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache content-length: - - '653' + - '672' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:35 GMT + - Mon, 22 Mar 2021 06:14:15 GMT expires: - '-1' pragma: - no-cache request-id: - - 499083d9-4d66-4ec4-952b-9c58940b9c50 + - d3350865-3c65-4a79-872b-8ba834a84a03 strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -291,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -304,7 +303,7 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": @@ -363,15 +362,15 @@ interactions: ParameterSetName: - --location --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/tenant_level_template","name":"tenant_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:18:37.6821056Z","duration":"PT0S","correlationId":"6ca28245-7f42-4835-989e-9ab3b242f396","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/tenant_level_template","name":"tenant_level_template","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:16.2286559Z","duration":"PT0S","correlationId":"3c83cb94-fca9-425a-bdfe-bdedd384f3bb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' headers: cache-control: - no-cache @@ -380,7 +379,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:37 GMT + - Mon, 22 Mar 2021 06:14:16 GMT expires: - '-1' pragma: @@ -405,7 +404,7 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": @@ -464,15 +463,15 @@ interactions: ParameterSetName: - --location -n --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:18:38.396992Z","duration":"PT0S","correlationId":"0d5d4a8b-f064-475c-b385-016e9c192d44","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:17.525828Z","duration":"PT0S","correlationId":"af2f3c5f-86d9-4c93-8b09-cd81926b4485","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' headers: cache-control: - no-cache @@ -481,7 +480,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:38 GMT + - Mon, 22 Mar 2021 06:14:17 GMT expires: - '-1' pragma: @@ -506,7 +505,7 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": @@ -565,18 +564,18 @@ interactions: ParameterSetName: - --location -n --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-16T22:18:39.7297926Z","duration":"PT0.9732929S","correlationId":"e4420285-fbb9-478f-8345-e252008cf4d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:14:21.6531788Z","duration":"PT3.2978192S","correlationId":"7835dd76-181e-40fa-aeae-c28d5fd9460f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' headers: azure-asyncoperation: - - https://management.azure.com/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operationStatuses/08585934497667211196?api-version=2020-10-01 + - https://management.azure.com/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operationStatuses/08585852132271222701?api-version=2020-10-01 cache-control: - no-cache content-length: @@ -584,7 +583,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:18:39 GMT + - Mon, 22 Mar 2021 06:14:22 GMT expires: - '-1' pragma: @@ -612,53 +611,10 @@ interactions: ParameterSetName: - --location -n --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585934497667211196?api-version=2020-10-01 - response: - body: - string: '{"status":"Running"}' - headers: - cache-control: - - no-cache - content-length: - - '20' - content-type: - - application/json; charset=utf-8 - date: - - Wed, 16 Dec 2020 22:19:10 GMT - expires: - - '-1' - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - deployment tenant create - Connection: - - keep-alive - ParameterSetName: - - --location -n --template-file --parameters - User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 - method: GET - uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585934497667211196?api-version=2020-10-01 + uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/operationStatuses/08585852132271222701?api-version=2020-10-01 response: body: string: '{"status":"Succeeded"}' @@ -670,7 +626,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:40 GMT + - Mon, 22 Mar 2021 06:14:53 GMT expires: - '-1' pragma: @@ -698,22 +654,22 @@ interactions: ParameterSetName: - --location -n --template-file --parameters User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.8826165Z","duration":"PT44.1261168S","correlationId":"e4420285-fbb9-478f-8345-e252008cf4d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.6310446Z","duration":"PT19.275685S","correlationId":"7835dd76-181e-40fa-aeae-c28d5fd9460f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' headers: cache-control: - no-cache content-length: - - '1439' + - '1438' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:40 GMT + - Mon, 22 Mar 2021 06:14:53 GMT expires: - '-1' pragma: @@ -739,31 +695,24 @@ interactions: Connection: - keep-alive User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.8826165Z","duration":"PT44.1261168S","correlationId":"e4420285-fbb9-478f-8345-e252008cf4d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentrmkwppw23mk2clh3ojwkq57rxlk","name":"azure-cli-tenant-level-deploymentrmkwppw23mk2clh3ojwkq57rxlk","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"3930299554790686032","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-grouppjfuw7pd4b3d2d"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"79d53de5-0a64-4f79-8c63-229ea4e90b45"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-16T22:16:39.6308498Z","duration":"PT26.63259S","correlationId":"c32b76ad-c7b1-4f0b-86ce-c2f440ee0a6d","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At - least one resource deployment operation failed. Please list deployment operations - for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"RoleDefinitionWithSameNameExists","message":"A - role definition cannot be updated with a name that already exists."}]}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentga7bkm2jmpd4gzzgre6easu5z","name":"azure-cli-resource-group-deploymentga7bkm2jmpd4gzzgre6easu5z","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjeosaw5hc3iz23"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-16T21:24:14.5747506Z","duration":"PT8.2339729S","correlationId":"039bddd7-9d33-48bf-998a-a3cd95382a0b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentz42awxbtg524llffji6mp76pwgq","name":"azure-cli-tenant-level-deploymentz42awxbtg524llffji6mp76pwgq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjeosaw5hc3iz23"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T21:23:37.2681104Z","duration":"PT7.8019338S","correlationId":"616ecc29-8a08-429a-9189-bfb23415f7ab","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupjeosaw5hc3iz23/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentfs7f3wswepg6rs2dascdrhmomin","name":"azure-cli-tenant-level-deploymentfs7f3wswepg6rs2dascdrhmomin","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-managementfhk4rwuydp"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Failed","timestamp":"2020-12-16T19:54:47.1877621Z","duration":"PT38.1876084S","correlationId":"96ed76db-8f86-4019-9edb-ddefe0e36dc8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"error":{"code":"DeploymentFailed","message":"At - least one resource deployment operation failed. Please list deployment operations - for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"DeploymentFailed","message":"At - least one resource deployment operation failed. Please list deployment operations - for details. Please see https://aka.ms/DeployOperations for usage details."}]}}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.6310446Z","duration":"PT19.275685S","correlationId":"7835dd76-181e-40fa-aeae-c28d5fd9460f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment6mgkzwcaojnqvkyy2x5k6i4bg","name":"azure-cli-resource-group-deployment6mgkzwcaojnqvkyy2x5k6i4bg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupzdy3u4nlbevycz"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-13T06:01:06.5202906Z","duration":"PT14.718349S","correlationId":"a30421ab-02c9-4f59-a144-ee7633e5bb8b","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment2fzgmtdgzuv6d3crt3bsbojkfpy","name":"azure-cli-tenant-level-deployment2fzgmtdgzuv6d3crt3bsbojkfpy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupzdy3u4nlbevycz"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T06:00:23.4615846Z","duration":"PT14.7004269S","correlationId":"8340a0ad-73e7-4c80-88f0-4472fbf38767","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupzdy3u4nlbevycz/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentefswfbjpp5bzvsee4ikdobrt4","name":"azure-cli-resource-group-deploymentefswfbjpp5bzvsee4ikdobrt4","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupgnzen3wf4c7lwa"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-13T05:31:58.6269017Z","duration":"PT11.1332482S","correlationId":"5f653fec-cd7c-47b4-b8be-4365d2d7744f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentrgmfnajknwbc4hsmtiik2hfzpoo","name":"azure-cli-tenant-level-deploymentrgmfnajknwbc4hsmtiik2hfzpoo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupgnzen3wf4c7lwa"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:31:27.5362393Z","duration":"PT23.9937435S","correlationId":"5601989e-f0dd-47eb-b1f0-fbd977222980","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupgnzen3wf4c7lwa/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentjk2ptqx25hcn45cbe54c3mczj","name":"azure-cli-resource-group-deploymentjk2ptqx25hcn45cbe54c3mczj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group2fgrids5soszvm"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-11-03T08:23:00.3081093Z","duration":"PT13.1641274S","correlationId":"2c15eca9-2257-4fad-a07d-4e61a97b012a","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentmsop3bplhaprp24bxxelcms2woj","name":"azure-cli-tenant-level-deploymentmsop3bplhaprp24bxxelcms2woj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group2fgrids5soszvm"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-03T08:22:25.7053518Z","duration":"PT23.0898668S","correlationId":"37f207ba-65bb-4dac-856a-32e7857c09c0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group2fgrids5soszvm/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentuvrscbdgenxwysb3vlghm7deg","name":"azure-cli-resource-group-deploymentuvrscbdgenxwysb3vlghm7deg","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupuapnycdiina55l"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-27T09:42:38.1960435Z","duration":"PT9.9899234S","correlationId":"5d7d44d3-f944-4ef5-984d-5fbdf30ae8ad","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment4dnfdet6b4b5x4u4hvbsjzoyvur","name":"azure-cli-tenant-level-deployment4dnfdet6b4b5x4u4hvbsjzoyvur","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupuapnycdiina55l"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T09:42:07.1094859Z","duration":"PT20.0048025S","correlationId":"c12e817c-5366-4442-932e-90dcf2a25a74","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupuapnycdiina55l/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentml7fxn7da4zwhboixrgsca6wf","name":"azure-cli-resource-group-deploymentml7fxn7da4zwhboixrgsca6wf","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupef5biplbbjoci3"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-26T08:24:21.5067991Z","duration":"PT11.0441624S","correlationId":"c0bddab5-b5f7-4dd1-8648-307eb7df3919","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentvaheytpty4ahniwodoqsznmm7cd","name":"azure-cli-tenant-level-deploymentvaheytpty4ahniwodoqsznmm7cd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupef5biplbbjoci3"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:23:44.3359098Z","duration":"PT16.4196687S","correlationId":"be0dac16-c10d-4ddf-b6dc-59bd23800caa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupef5biplbbjoci3/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymenteyhlp5mh63n4nlrf47ter3wx5","name":"azure-cli-resource-group-deploymenteyhlp5mh63n4nlrf47ter3wx5","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjbw3kt44gep7xr"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-10-26T08:05:13.5173861Z","duration":"PT8.5743259S","correlationId":"73648d0b-501a-4770-8420-3791e27f4e7e","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentwo2s545sdky2ce6hxzazwklq6h6","name":"azure-cli-tenant-level-deploymentwo2s545sdky2ce6hxzazwklq6h6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjbw3kt44gep7xr"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:04:43.5695709Z","duration":"PT21.9183927S","correlationId":"7ada9fcc-b84d-48ac-bef8-aa5e9e2564b8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupjbw3kt44gep7xr/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentepob5e7c6clhz2jxibpqlikuc","name":"azure-cli-resource-group-deploymentepob5e7c6clhz2jxibpqlikuc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupv5gp424sohogns"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-08-28T10:22:26.0611227Z","duration":"PT10.1579293S","correlationId":"6bb6af57-27bb-4d2a-8cbe-628843d248cd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentl4lqfretn4bfjiy6sxt5nt32tdj","name":"azure-cli-tenant-level-deploymentl4lqfretn4bfjiy6sxt5nt32tdj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupv5gp424sohogns"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-28T10:21:46.186992Z","duration":"PT15.5157243S","correlationId":"76bc6463-515e-4a6f-ae03-b68e54dc2cbd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupv5gp424sohogns/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentbxli5udcyzdxh45uk3uvpie37","name":"azure-cli-resource-group-deploymentbxli5udcyzdxh45uk3uvpie37","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupndzli2k4pgzkop"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-08T05:34:26.6016095Z","duration":"PT9.4788068S","correlationId":"53bbef46-2373-49dc-9d5c-5fe0661926b9","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment5w5v5yskck63kwjjn2hi6j3hjix","name":"azure-cli-tenant-level-deployment5w5v5yskck63kwjjn2hi6j3hjix","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupndzli2k4pgzkop"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T05:33:56.46565Z","duration":"PT23.9429498S","correlationId":"8b7c7901-674c-49ca-80a0-bfc4470657d8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupndzli2k4pgzkop/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deploymentblxnwchvrfzdq7jffkpzrfngc","name":"azure-cli-resource-group-deploymentblxnwchvrfzdq7jffkpzrfngc","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupy2mek2pqmm7n5a"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-04-08T02:29:23.8579483Z","duration":"PT7.5463888S","correlationId":"83ec3892-7b1c-48f7-886b-baf3a89ba986","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment4k7nyx3w7jrm3hahhuysq5b2kqn","name":"azure-cli-tenant-level-deployment4k7nyx3w7jrm3hahhuysq5b2kqn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupy2mek2pqmm7n5a"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T02:28:36.6116211Z","duration":"PT35.8438918S","correlationId":"dca5c56a-16d6-4dc6-88c8-d3ecbd418cc4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupy2mek2pqmm7n5a/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/zhoxing-test","name":"zhoxing-test","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"cli_tenant_level_deployment_mg"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-25T11:59:18.1964378Z","duration":"PT1M14.8656454S","correlationId":"a694b6d9-6dde-428f-8c8b-03bad8e71395","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/cli_tenant_level_deployment_mg/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymenttaaryuwobnszca5mlwvkrd5eqki","name":"azure-cli-tenant-level-deploymenttaaryuwobnszca5mlwvkrd5eqki","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupge7re5w2ioyvfj"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-19T04:11:33.8158322Z","duration":"PT1M39.1979886S","correlationId":"a2eaee77-a61b-4dfc-ab00-21e389b19170","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupge7re5w2ioyvfj/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}]}' headers: cache-control: - no-cache content-length: - - '6815' + - '26695' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:41 GMT + - Mon, 22 Mar 2021 06:14:56 GMT expires: - '-1' pragma: @@ -791,24 +740,24 @@ interactions: ParameterSetName: - --filter User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/?$filter=provisioningState%20eq%20%27Succeeded%27&api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.8826165Z","duration":"PT44.1261168S","correlationId":"e4420285-fbb9-478f-8345-e252008cf4d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentz42awxbtg524llffji6mp76pwgq","name":"azure-cli-tenant-level-deploymentz42awxbtg524llffji6mp76pwgq","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjeosaw5hc3iz23"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T21:23:37.2681104Z","duration":"PT7.8019338S","correlationId":"616ecc29-8a08-429a-9189-bfb23415f7ab","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupjeosaw5hc3iz23/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.6310446Z","duration":"PT19.275685S","correlationId":"7835dd76-181e-40fa-aeae-c28d5fd9460f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment2fzgmtdgzuv6d3crt3bsbojkfpy","name":"azure-cli-tenant-level-deployment2fzgmtdgzuv6d3crt3bsbojkfpy","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupzdy3u4nlbevycz"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T06:00:23.4615846Z","duration":"PT14.7004269S","correlationId":"8340a0ad-73e7-4c80-88f0-4472fbf38767","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupzdy3u4nlbevycz/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentrgmfnajknwbc4hsmtiik2hfzpoo","name":"azure-cli-tenant-level-deploymentrgmfnajknwbc4hsmtiik2hfzpoo","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupgnzen3wf4c7lwa"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-13T05:31:27.5362393Z","duration":"PT23.9937435S","correlationId":"5601989e-f0dd-47eb-b1f0-fbd977222980","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupgnzen3wf4c7lwa/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentmsop3bplhaprp24bxxelcms2woj","name":"azure-cli-tenant-level-deploymentmsop3bplhaprp24bxxelcms2woj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group2fgrids5soszvm"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-11-03T08:22:25.7053518Z","duration":"PT23.0898668S","correlationId":"37f207ba-65bb-4dac-856a-32e7857c09c0","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group2fgrids5soszvm/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment4dnfdet6b4b5x4u4hvbsjzoyvur","name":"azure-cli-tenant-level-deployment4dnfdet6b4b5x4u4hvbsjzoyvur","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupuapnycdiina55l"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-27T09:42:07.1094859Z","duration":"PT20.0048025S","correlationId":"c12e817c-5366-4442-932e-90dcf2a25a74","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupuapnycdiina55l/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentvaheytpty4ahniwodoqsznmm7cd","name":"azure-cli-tenant-level-deploymentvaheytpty4ahniwodoqsznmm7cd","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupef5biplbbjoci3"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:23:44.3359098Z","duration":"PT16.4196687S","correlationId":"be0dac16-c10d-4ddf-b6dc-59bd23800caa","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupef5biplbbjoci3/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentwo2s545sdky2ce6hxzazwklq6h6","name":"azure-cli-tenant-level-deploymentwo2s545sdky2ce6hxzazwklq6h6","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupjbw3kt44gep7xr"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-10-26T08:04:43.5695709Z","duration":"PT21.9183927S","correlationId":"7ada9fcc-b84d-48ac-bef8-aa5e9e2564b8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupjbw3kt44gep7xr/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymentl4lqfretn4bfjiy6sxt5nt32tdj","name":"azure-cli-tenant-level-deploymentl4lqfretn4bfjiy6sxt5nt32tdj","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupv5gp424sohogns"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-08-28T10:21:46.186992Z","duration":"PT15.5157243S","correlationId":"76bc6463-515e-4a6f-ae03-b68e54dc2cbd","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupv5gp424sohogns/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment5w5v5yskck63kwjjn2hi6j3hjix","name":"azure-cli-tenant-level-deployment5w5v5yskck63kwjjn2hi6j3hjix","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupndzli2k4pgzkop"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T05:33:56.46565Z","duration":"PT23.9429498S","correlationId":"8b7c7901-674c-49ca-80a0-bfc4470657d8","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupndzli2k4pgzkop/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment4k7nyx3w7jrm3hahhuysq5b2kqn","name":"azure-cli-tenant-level-deployment4k7nyx3w7jrm3hahhuysq5b2kqn","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupy2mek2pqmm7n5a"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-04-08T02:28:36.6116211Z","duration":"PT35.8438918S","correlationId":"dca5c56a-16d6-4dc6-88c8-d3ecbd418cc4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupy2mek2pqmm7n5a/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/zhoxing-test","name":"zhoxing-test","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"cli_tenant_level_deployment_mg"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-25T11:59:18.1964378Z","duration":"PT1M14.8656454S","correlationId":"a694b6d9-6dde-428f-8c8b-03bad8e71395","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/cli_tenant_level_deployment_mg/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deploymenttaaryuwobnszca5mlwvkrd5eqki","name":"azure-cli-tenant-level-deploymenttaaryuwobnszca5mlwvkrd5eqki","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"719610895279989815","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-groupge7re5w2ioyvfj"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce59"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-03-19T04:11:33.8158322Z","duration":"PT1M39.1979886S","correlationId":"a2eaee77-a61b-4dfc-ab00-21e389b19170","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce59"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-groupge7re5w2ioyvfj/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}]}' headers: cache-control: - no-cache content-length: - - '2890' + - '17171' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:42 GMT + - Mon, 22 Mar 2021 06:14:57 GMT expires: - '-1' pragma: @@ -836,24 +785,24 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.8826165Z","duration":"PT44.1261168S","correlationId":"e4420285-fbb9-478f-8345-e252008cf4d6","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001","name":"azure-cli-tenant-level-deployment000001","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.6310446Z","duration":"PT19.275685S","correlationId":"7835dd76-181e-40fa-aeae-c28d5fd9460f","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"outputResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' headers: cache-control: - no-cache content-length: - - '1439' + - '1438' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:42 GMT + - Mon, 22 Mar 2021 06:14:57 GMT expires: - '-1' pragma: @@ -883,15 +832,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/exportTemplate?api-version=2020-10-01 response: body: - string: '{"template":{"$schema":"https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"targetMG":{"defaultValue":"cli_tenant_level_deployment_mg","type":"String"},"nestedSubId":{"defaultValue":"6898adc8-5045-473d-a1bf-7012564f43cb","type":"String"},"nestedRG":{"defaultValue":"cli_tenant_level_deployment","type":"String"},"roleDefinitionId":{"defaultValue":"0cb07228-4614-4814-ac1a-c4e39793ce58","type":"String"}},"variables":{"managementGroupScope":"[concat(''Microsoft.Management/managementGroups/'', + string: '{"template":{"$schema":"https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"targetMG":{"defaultValue":"cli_tenant_level_deployment_mg","type":"String"},"nestedSubId":{"defaultValue":"0b1f6471-1bf0-4dda-aec3-cb9272f09590","type":"String"},"nestedRG":{"defaultValue":"cli_tenant_level_deployment","type":"String"},"roleDefinitionId":{"defaultValue":"0cb07228-4614-4814-ac1a-c4e39793ce58","type":"String"}},"variables":{"managementGroupScope":"[concat(''Microsoft.Management/managementGroups/'', parameters(''targetMG''))]","managementGroupFullyQualifiedId":"[concat(''/providers/'', variables(''managementGroupScope''))]"},"resources":[{"type":"Microsoft.Authorization/roleDefinitions","apiVersion":"2018-07-01","name":"[parameters(''roleDefinitionId'')]","properties":{"roleName":"Tiano SDK Test Role","description":"something","type":"CustomRole","permissions":[{"actions":["Microsoft.Storage/*/read"],"notActions":[]}],"assignableScopes":["[variables(''managementGroupFullyQualifiedId'')]"]}},{"type":"Microsoft.Resources/deployments","apiVersion":"2019-07-01","name":"mg-nested","location":"West @@ -906,7 +855,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:44 GMT + - Mon, 22 Mar 2021 06:14:59 GMT expires: - '-1' pragma: @@ -938,15 +887,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/operations?api-version=2020-10-01 response: body: - string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/9420161AC71E11CE","operationId":"9420161AC71E11CE","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.7094647Z","duration":"PT41.9800781S","trackingId":"b0a716c3-8288-45d8-ba35-5341430de037","serviceRequestId":"30bb05e9-bfb8-43f8-b76e-433327889266","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"sub-nested"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/2A215292A77CB8A1","operationId":"2A215292A77CB8A1","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-16T22:18:42.1663027Z","duration":"PT1.4369161S","trackingId":"6721bfd9-79e0-484b-9ff4-64bbc0dd1db3","serviceRequestId":"0f7d8ba4-af20-4aaa-b81a-eb3be900279b","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58","resourceType":"Microsoft.Authorization/roleDefinitions","resourceName":"0cb07228-4614-4814-ac1a-c4e39793ce58"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/5052F761FD42CDF3","operationId":"5052F761FD42CDF3","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2020-12-16T22:18:43.1105162Z","duration":"PT2.3811296S","trackingId":"b78c8a30-c08f-407f-a15b-27200f4730e8","serviceRequestId":"01cbc341-b5dc-43cb-be8c-91fbfe402801","statusCode":"OK","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"mg-nested"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/08585934497667211196","operationId":"08585934497667211196","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:22.855516Z","duration":"PT0.1108249S","trackingId":"3e210fa5-13e4-487c-9238-e0d7a8a5595c","statusCode":"OK"}}]}' + string: '{"value":[{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/2A215292A77CB8A1","operationId":"2A215292A77CB8A1","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:27.7223308Z","duration":"PT4.749956S","trackingId":"dc2566fe-5a00-4808-b943-6ec779b6012c","serviceRequestId":"1bb02c40-3fa8-4e02-a533-0fe8a7d31393","statusCode":"Created","targetResource":{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58","resourceType":"Microsoft.Authorization/roleDefinitions","resourceName":"0cb07228-4614-4814-ac1a-c4e39793ce58"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/0E001B8A1AA20F3D","operationId":"0E001B8A1AA20F3D","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.3637434Z","duration":"PT14.3913686S","trackingId":"ef9f5ba8-5976-4909-90d7-0e75c38d269c","serviceRequestId":"da63c66d-e7f5-4575-bd21-6d71477923a6","statusCode":"OK","targetResource":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"sub-nested"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/0276C30210CA3CB2","operationId":"0276C30210CA3CB2","properties":{"provisioningOperation":"Create","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:32.2531605Z","duration":"PT9.2807857S","trackingId":"c0961e7a-2821-4060-b3af-151a1e167684","serviceRequestId":"912844d6-bc40-4dbc-b7f5-38cb765e4a8d","statusCode":"OK","targetResource":{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested","resourceType":"Microsoft.Resources/deployments","resourceName":"mg-nested"}}},{"id":"/providers/Microsoft.Resources/deployments/azure-cli-tenant-level-deployment000001/operations/08585852132271222701","operationId":"08585852132271222701","properties":{"provisioningOperation":"EvaluateDeploymentOutput","provisioningState":"Succeeded","timestamp":"2021-03-22T06:14:37.4698828Z","duration":"PT0.0545502S","trackingId":"80b76b4d-c8f4-4b5c-9041-b33001833721","statusCode":"OK"}}]}' headers: cache-control: - no-cache @@ -955,7 +904,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:44 GMT + - Mon, 22 Mar 2021 06:15:00 GMT expires: - '-1' pragma: @@ -976,7 +925,7 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": @@ -1035,15 +984,15 @@ interactions: ParameterSetName: - --location -n --template-file --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment/validate?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2020-12-16T22:19:45.3906724Z","duration":"PT0S","correlationId":"016d0a25-4698-4738-bc6f-9ca4eb1970eb","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Succeeded","timestamp":"2021-03-22T06:15:01.7240865Z","duration":"PT0S","correlationId":"c5c8027f-1f18-41f2-ae0b-3edf6f84eb20","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[],"validatedResources":[{"id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Resources/deployments/mg-nested"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Resources/deployments/sub-nested"},{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2"},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment"}]}}' headers: cache-control: - no-cache @@ -1052,7 +1001,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:45 GMT + - Mon, 22 Mar 2021 06:15:02 GMT expires: - '-1' pragma: @@ -1077,7 +1026,7 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": @@ -1136,26 +1085,26 @@ interactions: ParameterSetName: - --location -n --template-file --parameters --no-wait User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2020-12-16T22:19:47.071742Z","duration":"PT1.1027498S","correlationId":"719f72ae-54ac-482e-9cb2-4d1d046071f4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2021-03-22T06:15:06.7115128Z","duration":"PT3.2198937S","correlationId":"b10370ab-5ec1-407f-9d4f-99f8466fc1b1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' headers: azure-asyncoperation: - - https://management.azure.com/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003/operationStatuses/08585934496995086310?api-version=2020-10-01 + - https://management.azure.com/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003/operationStatuses/08585852131819860085?api-version=2020-10-01 cache-control: - no-cache content-length: - - '1056' + - '1057' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:46 GMT + - Mon, 22 Mar 2021 06:15:06 GMT expires: - '-1' pragma: @@ -1185,8 +1134,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1198,7 +1147,7 @@ interactions: cache-control: - no-cache date: - - Wed, 16 Dec 2020 22:19:47 GMT + - Mon, 22 Mar 2021 06:15:08 GMT expires: - '-1' pragma: @@ -1208,7 +1157,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: - - '1199' + - '1198' status: code: 204 message: No Content @@ -1226,15 +1175,15 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET uri: https://management.azure.com/providers/Microsoft.Resources/deployments/mock-deployment?api-version=2020-10-01 response: body: - string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"8536665170801743029","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"6898adc8-5045-473d-a1bf-7012564f43cb"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2020-12-16T22:19:48.4813916Z","duration":"PT2.5123994S","correlationId":"719f72ae-54ac-482e-9cb2-4d1d046071f4","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' + string: '{"id":"/providers/Microsoft.Resources/deployments/azure-cli-resource-group-deployment000003","name":"azure-cli-resource-group-deployment000003","type":"Microsoft.Resources/deployments","location":"westus","properties":{"templateHash":"5503699468917209467","parameters":{"targetMG":{"type":"String","value":"azure-cli-management-group000002"},"nestedSubId":{"type":"String","value":"0b1f6471-1bf0-4dda-aec3-cb9272f09590"},"nestedRG":{"type":"String","value":"cli_tenant_level_deployment"},"roleDefinitionId":{"type":"String","value":"0cb07228-4614-4814-ac1a-c4e39793ce58"}},"mode":"Incremental","provisioningState":"Canceled","timestamp":"2021-03-22T06:15:08.5532294Z","duration":"PT5.0616103S","correlationId":"b10370ab-5ec1-407f-9d4f-99f8466fc1b1","providers":[{"namespace":"Microsoft.Authorization","resourceTypes":[{"resourceType":"roleDefinitions","locations":[null]}]},{"namespace":"Microsoft.Resources","resourceTypes":[{"resourceType":"deployments","locations":["westus","eastus"]}]}],"dependencies":[]}}' headers: cache-control: - no-cache @@ -1243,7 +1192,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:19:48 GMT + - Mon, 22 Mar 2021 06:15:09 GMT expires: - '-1' pragma: @@ -1273,8 +1222,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -1288,7 +1237,7 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:19:50 GMT + - Mon, 22 Mar 2021 06:15:14 GMT expires: - '-1' location: @@ -1318,131 +1267,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - response: - body: - string: '' - headers: - cache-control: - - no-cache - content-length: - - '0' - date: - - Wed, 16 Dec 2020 22:20:06 GMT - expires: - - '-1' - location: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - status: - code: 202 - message: Accepted -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - group delete - Connection: - - keep-alive - ParameterSetName: - - -n --yes - User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - response: - body: - string: '' - headers: - cache-control: - - no-cache - content-length: - - '0' - date: - - Wed, 16 Dec 2020 22:20:20 GMT - expires: - - '-1' - location: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - status: - code: 202 - message: Accepted -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - group delete - Connection: - - keep-alive - ParameterSetName: - - -n --yes - User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - response: - body: - string: '' - headers: - cache-control: - - no-cache - content-length: - - '0' - date: - - Wed, 16 Dec 2020 22:20:35 GMT - expires: - - '-1' - location: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - status: - code: 202 - message: Accepted -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - group delete - Connection: - - keep-alive - ParameterSetName: - - -n --yes - User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 response: @@ -1454,7 +1280,7 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:20:51 GMT + - Mon, 22 Mar 2021 06:15:31 GMT expires: - '-1' location: @@ -1482,8 +1308,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 response: @@ -1495,7 +1321,7 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:21:06 GMT + - Mon, 22 Mar 2021 06:15:46 GMT expires: - '-1' location: @@ -1523,8 +1349,8 @@ interactions: ParameterSetName: - -n --yes User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURU5BTlQ6NUZMRVZFTDo1RkRFUExPWU1FTlQtRUFTVFVTMiIsImpvYkxvY2F0aW9uIjoiZWFzdHVzMiJ9?api-version=2020-10-01 response: @@ -1536,7 +1362,7 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:21:21 GMT + - Mon, 22 Mar 2021 06:16:02 GMT expires: - '-1' pragma: @@ -1564,8 +1390,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -1581,7 +1407,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:21:23 GMT + - Mon, 22 Mar 2021 06:16:07 GMT expires: - '-1' pragma: @@ -1613,8 +1439,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -1630,7 +1456,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:21:33 GMT + - Mon, 22 Mar 2021 06:16:17 GMT expires: - '-1' pragma: @@ -1662,8 +1488,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: DELETE @@ -1679,7 +1505,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:21:34 GMT + - Mon, 22 Mar 2021 06:16:19 GMT expires: - '-1' location: @@ -1687,11 +1513,11 @@ interactions: pragma: - no-cache request-id: - - 0ae36d4d-3ce2-4def-a2fa-cb9981355ec3 + - ad42dedf-9454-4a61-b971-27d3b1034f0a strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-deletes: @@ -1713,8 +1539,8 @@ interactions: ParameterSetName: - -n User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: @@ -1728,13 +1554,13 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:21:44 GMT + - Mon, 22 Mar 2021 06:16:30 GMT expires: - '-1' pragma: - no-cache request-id: - - 3f7e12af-b206-4b82-9606-d444bee1fff9 + - 2223f669-c5a8-4417-a497-addc6e9d6983 strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -1742,7 +1568,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_what_if.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_what_if.yaml index 018c453e4bd..b7664968f92 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_what_if.yaml +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_tenant_level_what_if.yaml @@ -15,8 +15,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -32,7 +32,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:11:59 GMT + - Mon, 22 Mar 2021 06:20:04 GMT expires: - '-1' pragma: @@ -46,7 +46,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' status: code: 200 message: OK @@ -64,8 +64,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: GET @@ -81,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:09 GMT + - Mon, 22 Mar 2021 06:20:14 GMT expires: - '-1' pragma: @@ -116,8 +116,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: PUT @@ -133,7 +133,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:10 GMT + - Mon, 22 Mar 2021 06:20:16 GMT expires: - '-1' location: @@ -141,11 +141,11 @@ interactions: pragma: - no-cache request-id: - - 4014dfcb-3a58-48eb-99b2-ec551d594da8 + - 9689eb97-e52f-4f4c-83a2-32bfbe3d2d0e strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff x-ms-ratelimit-remaining-tenant-writes: @@ -167,8 +167,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: @@ -182,7 +182,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:20 GMT + - Mon, 22 Mar 2021 06:20:27 GMT expires: - '-1' location: @@ -190,11 +190,11 @@ interactions: pragma: - no-cache request-id: - - 27592d2b-b9cb-423a-9417-8d8cc3eae400 + - 5e903c91-63e2-4f98-8f32-2b5cf097e72f strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -214,8 +214,8 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: @@ -229,7 +229,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:31 GMT + - Mon, 22 Mar 2021 06:20:37 GMT expires: - '-1' location: @@ -237,11 +237,11 @@ interactions: pragma: - no-cache request-id: - - a85de0a4-b245-47a7-838b-e331e588b5bc + - c7d39c70-59e0-49af-9b2c-c6683cc0acef strict-transport-security: - max-age=31536000; includeSubDomains x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -261,29 +261,28 @@ interactions: ParameterSetName: - --name User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/azure-cli-management-group000002?api-version=2018-03-01-preview response: body: - string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management-group000002","status":"Succeeded","properties":{"tenantId":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"azure-cli-management-group000002","details":{"version":1,"updatedTime":"2020-12-16T22:12:20.1767976Z","updatedBy":"5310aa29-9a44-4cbc-adb3-6347a539537e","parent":{"id":"/providers/Microsoft.Management/managementGroups/01a4073e-87c8-47cd-aafc-1439b4b5ea2c","name":"01a4073e-87c8-47cd-aafc-1439b4b5ea2c","displayName":"Tenant - Root Group"}}}}' + string: '{"id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"azure-cli-management-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"azure-cli-management-group000002","details":{"version":1,"updatedTime":"2021-03-22T06:20:27.6539833Z","updatedBy":"9ac534f1-d577-4034-a32d-48de400dacbf","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}' headers: cache-control: - no-cache content-length: - - '653' + - '672' content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:41 GMT + - Mon, 22 Mar 2021 06:20:50 GMT expires: - '-1' pragma: - no-cache request-id: - - c8168aae-bdb4-40ff-86db-bafb86833e8c + - 789baaa6-5ed6-43c2-97fe-9e1bc57e4363 strict-transport-security: - max-age=31536000; includeSubDomains transfer-encoding: @@ -291,7 +290,7 @@ interactions: vary: - Accept-Encoding,Accept-Encoding x-ba-restapi: - - 1.0.3.1589 + - 1.0.3.1608 x-content-type-options: - nosniff status: @@ -305,10 +304,10 @@ interactions: \ \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"targetMG\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment_mg\"\r\n \ },\r\n \"nestedSubId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"6898adc8-5045-473d-a1bf-7012564f43cb\"\r\n },\r\n \"nestedRG\": {\r\n + \"0b1f6471-1bf0-4dda-aec3-cb9272f09590\"\r\n },\r\n \"nestedRG\": {\r\n \ \"type\": \"string\",\r\n \"defaultValue\": \"cli_tenant_level_deployment\"\r\n \ },\r\n \"roleDefinitionId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": - \"79d53de5-0a64-4f79-8c63-229ea4e90b45\"\r\n }\r\n },\r\n \"variables\": + \"0cb07228-4614-4814-ac1a-c4e39793ce58\"\r\n }\r\n },\r\n \"variables\": {\r\n \"managementGroupScope\": \"[concat('Microsoft.Management/managementGroups/', parameters('targetMG'))]\",\r\n \"managementGroupFullyQualifiedId\": \"[concat('/providers/', variables('managementGroupScope'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n @@ -364,8 +363,8 @@ interactions: ParameterSetName: - --location --template-file --parameters --no-pretty-print User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 accept-language: - en-US method: POST @@ -379,11 +378,11 @@ interactions: content-length: - '0' date: - - Wed, 16 Dec 2020 22:12:44 GMT + - Mon, 22 Mar 2021 06:20:53 GMT expires: - '-1' location: - - https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItLVRFTkFOVDo1RkxFVkVMOjVGVEVNUExBVEUtNjNDOTE5OTM6MkREQUQzOjJENEEzNDoyREE4NDM6MkRFRTlDODZDMzc0QTciLCJqb2JMb2NhdGlvbiI6Ildlc3RVUyJ9?api-version=2020-10-01 + - https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItLVRFTkFOVDo1RkxFVkVMOjVGVEVNUExBVEUtNTkxRkVGMzA6MkQxODE3OjJENEQzMDoyRDgzNzk6MkQxRUJFQTQ2NEU3MTUiLCJqb2JMb2NhdGlvbiI6Ildlc3RVUyJ9?api-version=2020-10-01 pragma: - no-cache strict-transport-security: @@ -409,13 +408,13 @@ interactions: ParameterSetName: - --location --template-file --parameters --no-pretty-print User-Agent: - - python/3.8.6 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 - azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.16.0 + - python/3.8.0 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-mgmt-resource/12.0.0 Azure-SDK-For-Python AZURECLI/2.21.0 method: GET - uri: https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItLVRFTkFOVDo1RkxFVkVMOjVGVEVNUExBVEUtNjNDOTE5OTM6MkREQUQzOjJENEEzNDoyREE4NDM6MkRFRTlDODZDMzc0QTciLCJqb2JMb2NhdGlvbiI6Ildlc3RVUyJ9?api-version=2020-10-01 + uri: https://management.azure.com/providers/Microsoft.Resources/operationResults/eyJqb2JJZCI6IkRlcGxveW1lbnRXaGF0SWZKb2ItLVRFTkFOVDo1RkxFVkVMOjVGVEVNUExBVEUtNTkxRkVGMzA6MkQxODE3OjJENEQzMDoyRDgzNzk6MkQxRUJFQTQ2NEU3MTUiLCJqb2JMb2NhdGlvbiI6Ildlc3RVUyJ9?api-version=2020-10-01 response: body: - string: '{"status":"Succeeded","properties":{"correlationId":"63c91993-dad3-4a34-a843-ee9c86c374a7","changes":[{"resourceId":"/providers/Microsoft.Authorization/roleDefinitions/79d53de5-0a64-4f79-8c63-229ea4e90b45","changeType":"Create","after":{"apiVersion":"2018-07-01","id":"/providers/Microsoft.Authorization/roleDefinitions/79d53de5-0a64-4f79-8c63-229ea4e90b45","name":"79d53de5-0a64-4f79-8c63-229ea4e90b45","properties":{"assignableScopes":["/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002"],"description":"something","permissions":[{"actions":["Microsoft.Storage/*/read"]}],"roleName":"Tiano + string: '{"status":"Succeeded","properties":{"correlationId":"591fef30-1817-4d30-8379-1ebea464e715","changes":[{"resourceId":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58","changeType":"Create","after":{"apiVersion":"2018-07-01","id":"/providers/Microsoft.Authorization/roleDefinitions/0cb07228-4614-4814-ac1a-c4e39793ce58","name":"0cb07228-4614-4814-ac1a-c4e39793ce58","properties":{"assignableScopes":["/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002"],"description":"something","permissions":[{"actions":["Microsoft.Storage/*/read"]}],"roleName":"Tiano SDK Test Role","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}},{"resourceId":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2","changeType":"Create","after":{"apiVersion":"2016-12-01","id":"/providers/Microsoft.Management/managementGroups/azure-cli-management-group000002/providers/Microsoft.Authorization/policyDefinitions/policy2","name":"policy2","properties":{"policyRule":{"if":{"equals":"northeurope","field":"location"},"then":{"effect":"deny"}},"policyType":"Custom"},"type":"Microsoft.Authorization/policyDefinitions"}},{"resourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment","changeType":"Create","after":{"apiVersion":"2019-07-01","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_tenant_level_deployment","location":"East US 2","name":"cli_tenant_level_deployment","type":"Microsoft.Resources/resourceGroups"}}]}}' headers: @@ -426,7 +425,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 16 Dec 2020 22:12:59 GMT + - Mon, 22 Mar 2021 06:21:09 GMT expires: - '-1' pragma: diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set.json index f450ca4a9d1..3985164b928 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set.json +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set.json @@ -1 +1 @@ -[{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", "westus"]}}}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}] \ No newline at end of file +[{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", "westus"]}}}, {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}] \ No newline at end of file diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_parameterized.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_parameterized.json index f89b4fdb870..45555da618f 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_parameterized.json +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_parameterized.json @@ -1 +1 @@ -[{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "parameters": {"allowedLocations": {"value": "[parameters('allowedLocations')]"}}}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}] \ No newline at end of file +[{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003", "parameters": {"allowedLocations": {"value": "[parameters('allowedLocations')]"}}}, {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}] \ No newline at end of file diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/tenant_level_template.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/tenant_level_template.json index fa5111668e9..2b731296e94 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/tenant_level_template.json +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/tenant_level_template.json @@ -8,7 +8,7 @@ }, "nestedSubId": { "type": "string", - "defaultValue": "6898adc8-5045-473d-a1bf-7012564f43cb" + "defaultValue": "0b1f6471-1bf0-4dda-aec3-cb9272f09590" }, "nestedRG": { "type": "string", diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py index f151cad6ef9..1c9d2637a8c 100644 --- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py +++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py @@ -1034,7 +1034,8 @@ def test_template_spec_export_error_handling(self, resource_group, resource_grou 'template_spec_name': 'CLITestTemplateSpecExport', 'output_folder': os.path.dirname(os.path.realpath(__file__)).replace('\\', '\\\\') }) - with self.assertRaises(IncorrectUsageError) as err: + # Because exit_code is 1, so the exception caught should be an AssertionError + with self.assertRaises(AssertionError) as err: self.cmd('ts export -g {rg} --name {template_spec_name} --output-folder {output_folder}') self.assertTrue('Please specify the template spec version for export' in str(err.exception)) @@ -1187,6 +1188,8 @@ def test_subscription_level_deployment(self): self.cmd('deployment sub cancel -n {dn2}') + self.cmd('deployment sub wait -n {dn2} --custom "provisioningState==Canceled"') + self.cmd('deployment sub show -n {dn2}', checks=[ self.check('properties.provisioningState', 'Canceled') ])